Paper 2015/170

Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer


We present new side-channel attacks on RSA and ElGamal implementations that use the popular sliding-window or fixed-window (m-ary) modular exponentiation algorithms. The attacks can extract decryption keys using a very low measurement bandwidth (a frequency band of less than 100 kHz around a carrier under 2 MHz) even when attacking multi-GHz CPUs. We demonstrate the attacks' feasibility by extracting keys from GnuPG, in a few seconds, using a nonintrusive measurement of electromagnetic emanations from laptop computers. The measurement equipment is cheap and compact, uses readily-available components (a Software Defined Radio USB dongle or a consumer-grade radio receiver), and can operate untethered while concealed, e.g., inside pita bread. The attacks use a few non-adaptive chosen ciphertexts, crafted so that whenever the decryption routine encounters particular bit patterns in the secret key, intermediate values occur with a special structure that causes observable fluctuations in the electromagnetic field. Through suitable signal processing and cryptanalysis, the bit patterns and eventually the whole secret key are recovered.

Note: Revised March 3, 2015: minor editorial changes.

Available format(s)
Publication info
Preprint. MINOR revision.
side channelelectromagnetic analysisRSAElGamal
Contact author(s)
tromer @ cs tau ac il
2015-03-03: last of 2 revisions
2015-02-27: received
See all versions
Short URL
Creative Commons Attribution


      author = {Daniel Genkin and Lev Pachmanov and Itamar Pipman and Eran Tromer},
      title = {Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation},
      howpublished = {Cryptology ePrint Archive, Paper 2015/170},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.