Paper 2023/1442

Everlasting ROBOT: the Marvin Attack

Hubert Kario, Red Hat
Abstract

In this paper we show that Bleichenbacher-style attacks on RSA decryption are not only still possible, but also that vulnerable implementations are common. We have successfully attacked multiple implementations using only the timing of the decryption operation and shown that many others are vulnerable. To perform the attack we used more statistically rigorous techniques like the sign test, the Wilcoxon signed-rank test, and bootstrapping of the median of pairwise differences. We publish a set of tools for testing libraries that perform RSA decryption against timing side-channel attacks, including one that can test arbitrary TLS servers with no need to write a test harness. Finally, we propose a set of workarounds that implementations can employ if they can't avoid the use of RSA.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
side-channel attacks, timing attacks, Bleichenbacher attack, RSA
Contact author(s)
hkario @ redhat com
History
2023-09-24: approved
2023-09-21: received
Short URL
https://ia.cr/2023/1442
License
Creative Commons Attribution-ShareAlike
CC BY-SA

BibTeX

@misc{cryptoeprint:2023/1442,
      author = {Hubert Kario},
      title = {Everlasting ROBOT: the Marvin Attack},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1442},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/1442}},
      url = {https://eprint.iacr.org/2023/1442}
}