You are looking at a specific version 20160301:221414 of this paper. See the latest version.

Paper 2016/224

CacheBleed: A Timing Attack on OpenSSL Constant Time RSA

Yuval Yarom and Daniel Genkin and Nadia Heninger

Abstract

The scatter-gather technique is a commonly-implemented approach to prevent cache-based timing attacks. In this paper we show that scatter-gather is not constant-time. We implement a cache timing attack against the scatter-gather implementation used in the modular exponentiation routine in OpenSSL version 1.0.2f. Our attack exploits cache-bank conflicts on the Sandy Bridge microarchitecture. We have tested the attack on an Intel Xeon E5-2430 processor. For 4096-bit RSA our attack can fully recover the private key after observing 16,000 decryptions.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
side-channel attackscache attackscryptographic implementationsconstant-timeRSA
Contact author(s)
yval @ cs adelaide edu au
History
2016-03-01: received
Short URL
https://ia.cr/2016/224
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.