Paper 2021/794

Reverse Engineering the Micro-Architectural Leakage Features of a Commercial Processor

Si Gao, Elisabeth Oswald, and Dan Page


Micro-architectural leakage is a reality even on low- to midrange commercial processors. Dealing with it is expensive, because micro-architectural leakage is often only discovered after implementation choices have been made (i.e. when evaluating the concrete implementation). We demonstrate that it is feasible, using a recent leakage modelling technique, to reverse engineer significant elements of the micro-architectural leakage of a mid-range commercial processor in a “grey-box” setting. Our approach first recovers the micro-architectural features of each stage in the pipeline, and the leakage of elements that are known to produce glitches. To put our reverse engineered micro-architectural leakage in context, we compare and contrast a leakage analysis of a relevant piece of masking code. More specifically, we compare the leakage that we would anticipate given our analysis, and predictions of the to-date most sophisticated leakage simulators (e.g. ELMO and MAPS) on the same piece of code. Our research demonstrates that reverse engineering of micro-architectural components (and their leakage) is clearly feasible using available side channel leakage, and following, it should be possible to build more accurate leakage simulators.

Available format(s)
Publication info
A major revision of an IACR publication in EUROCRYPT 2022
Leakage modellingMicro-architectureReverse engineering
Contact author(s)
si-gao @ outlook com
elisabeth oswald @ aau at
daniel page @ bristol ac uk
2022-03-01: revised
2021-06-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {Si Gao and Elisabeth Oswald and Dan Page},
      title = {Reverse Engineering the Micro-Architectural Leakage Features of a Commercial Processor},
      howpublished = {Cryptology ePrint Archive, Paper 2021/794},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.