Paper 2024/149

Evict+Spec+Time: Exploiting Out-of-Order Execution to Improve Cache-Timing Attacks

Shing Hing William Cheng, University of Adelaide
Chitchanok Chuengsatiansup, University of Melbourne
Daniel Genkin, Georgia Institute of Technology
Dallas McNeil, University of Adelaide
Toby Murray, University of Melbourne
Yuval Yarom, Ruhr University Bochum
Zhiyuan Zhang, University of Melbourne

Speculative out-of-order execution is a strategy of masking execution latency by allowing younger instructions to execute before older instructions. While originally considered to be innocuous, speculative out-of-order execution was brought into the spotlight with the 2018 publication of the Spectre and Meltdown attacks. These attacks demonstrated that microarchitectural side channels can leak sensitive data accessed by speculatively executed instructions that are not part of the normal program execution. Since then, a significant effort has been vested in investigating how microarchitectural side channels can leak data from speculatively executed instructions and how to control this leakage. However, much less is known about how speculative out-of-order execution affects microarchitectural side-channel attacks. In this paper, we investigate how speculative out-of-order execution affects the Evict+Time cache attack. Evict+Time is based on the observation that cache misses are slower than cache hits, hence by measuring the execution time of code, an attacker can determine if a cache miss occurred during the execution. We demonstrate that, due to limited resources for tracking out-of-order execution, under certain conditions an attacker can gain more fine-grained information and determine whether a cache miss occurred in part of the executed code. Based on the observation, we design the Evict+Spec+Time attack, a variant of Evict+Time that can learn not only whether a cache miss occurred, but also in which part of the victim code it occurred. We demonstrate that Evict+Spec+Time is an order of magnitude more efficient than Evict+Time when attacking a T-table-based implementation of AES. We further show an Evict+Spec+Time attack on an S-box-based implementation of AES, recovering the key with as little as 14389 decryptions. To the best of our knowledge, ours is the first successful Evict+Time attack on such a victim.

Available format(s)
Attacks and cryptanalysis
Publication info
Cache-timing attacksout-of-order executionAES
Contact author(s)
c chuengsatiansup @ unimelb edu au
genkin @ gatech edu
toby murray @ unimelb edu au
yuval yarom @ rub de
zhiyuanz5 @ student unimelb edu au
2024-02-02: approved
2024-02-01: received
See all versions
Short URL
Creative Commons Attribution


      author = {Shing Hing William Cheng and Chitchanok Chuengsatiansup and Daniel Genkin and Dallas McNeil and Toby Murray and Yuval Yarom and Zhiyuan Zhang},
      title = {Evict+Spec+Time: Exploiting Out-of-Order Execution to Improve Cache-Timing Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2024/149},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.