
Paper 2023/135

Uncovering Vulnerabilities in Smartphone Cryptography: A Timing Analysis of the Bouncy Castle RSA Implementation

Sarani Bhattacharya, Imec
Dilip Kumar Shanmugasundaram Veeraraghavan, KU Leuven
Shivam Bhasin, Nanyang Technological University
Debdeep Mukhopadhyay, Indian Institute of Technology Kharagpur

Modern-day smartphones are used to perform several sensitive operations, including online payments. Hence, the underlying cryptographic libraries are expected to adhere to proper security measures to ensure that there are no exploitable leakages. In particular, the implementations should be constant-time to prevent timing-based side-channel analysis, which can leak secret keys. Unfortunately, in this paper we unearth a glaring timing variation in the Bouncy Castle implementation of RSA-like ciphers, which is based on the Java BigInteger library to support large number-theoretic computations. We follow up the investigation with a step-by-step procedure to exploit the timing variations to retrieve the complete secret of a windowed RSA-2048 implementation. The entire analysis is possible with a single set of timing observations, implying that the timing observation can be done at the onset, followed by some post-processing which does not need access to the phone. We have validated our analysis on Android Marshmallow 6.0, Nougat 7.0 and Oreo 8.0. Interestingly, we note that for newer phones the timing measurement is more accurate, leading to faster key retrievals.

Note: Timing Side-channel Analysis on Cryptographic implementation on Android phones

Category: Attacks and cryptanalysis

Keywords: Timing Attack, Bouncy Castle RSA implementation, Smartphone cryptography

Contact author(s):
sarani bhattacharya @ imec be
dilipkumar shanmugasundaramveeraraghavan @ kuleuven be
sbhasin @ ntu edu sg
debdeep @ cse iitkgp ac in

History:
2023-02-07: approved
2023-02-05: received

License: No rights reserved


BibTeX:

@misc{cryptoeprint:2023/135,
      author = {Sarani Bhattacharya and Dilip Kumar Shanmugasundaram Veeraraghavan and Shivam Bhasin and Debdeep Mukhopadhyay},
      title = {Uncovering Vulnerabilities in Smartphone Cryptography: A Timing Analysis of the Bouncy Castle RSA Implementation},
      howpublished = {Cryptology ePrint Archive, Paper 2023/135},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/135}},
      url = {https://eprint.iacr.org/2023/135}
}