
Timing attack

About: Timing attack is a research topic. Over the lifetime, 726 publications have been published within this topic receiving 25462 citations.


Papers
Journal Article
TL;DR: An attack on the RSA cryptosystem when the private exponent d is chosen to be 'small', under the condition that a sufficient amount of bits of d is available to the attacker.
Abstract: We describe an attack on the RSA cryptosystem when the private exponent d is chosen to be 'small', under the condition that a sufficient amount of bits of d is available to the attacker. The attack uses a 2-dimensional lattice and is therefore (in the area of the keyspace where it applies) more efficient than known attacks using Coppersmith techniques. Moreover, we show that the attacks of Wiener and Verheul/Van Tilborg, using continued fractions techniques, are special deterministic cases of our attack, which in general is heuristic.

7 citations

Proceedings ArticleDOI
21 Apr 2015
TL;DR: This paper attacks a straightforward C implementation of the Goppa codes based McEliece decryption running on an ARM Cortex-M3 microprocessor, and demonstrates on a realistic example that using a “chosen ciphertext attack” method, it is possible to recover the complete secret permutation matrix.
Abstract: In this paper, we present a novel countermeasure against a simple power analysis based side channel attack on a software implementation of the McEliece public key cryptosystem. First, we attack a straightforward C implementation of the Goppa codes based McEliece decryption running on an ARM Cortex-M3 microprocessor. Next, we demonstrate on a realistic example that using a “chosen ciphertext attack” method, it is possible to recover the complete secret permutation matrix. We show that this matrix can be completely recovered by an analysis of a dynamic power consumption of the microprocessor. Then, we estimate the brute-force attack complexity reduction depending on the knowledge of the permutation matrix. Finally, we propose an efficient software countermeasure having low computational complexity. Of course, we provide all the necessary details regarding the attack implementation and all the consequences of the proposed countermeasure especially in terms of power consumption.

7 citations

Proceedings ArticleDOI
01 Sep 2017
TL;DR: The authors try and implement cache timing attack on various AES implementations over modern processors and observe the results firsthand to consider the practical importance of mounting an attack over a non-idealized system.
Abstract: In recent years, academic focus on side channel analysis has increased due to their effectiveness in leaking information from secure systems. Advanced Encryption Standard or Rijndael has been the object of scrutiny ever since its inception as a federal standard. Presently, it is one of the most widely used encryption algorithms in the world and has withstood the various efforts to cryptanalyze it. Academic focus on time-leaking code implementations increasing in the 90s, successful cryptanalysis of many algorithms due to side channel data leakage, and the fact that improper software implementations can leak information have brought focus on side channel analysis of AES. We shall try and implement the cache timing attack on a modern server and modern implementations and observe the results firsthand. In this paper, the authors try and implement cache timing attack on various AES implementations over modern processors. The practical importance of mounting an attack over a non-idealized system and analyzing these real world results can be considered the primary objectives of this paper.

7 citations

Book ChapterDOI
07 Jun 2011
TL;DR: A new state recovery analysis on RC4 using a belief propagation algorithm that works well and its soundness is proved for known or unknown plaintext and only requires that the attacker queries the RC4 encryption process byte by byte for a practical attack.
Abstract: In this paper we present an attack that recovers the whole internal state of RC4 using a cache timing attack model first introduced in the cache timing attack of Osvik, Shamir and Tromer against some highly efficient AES implementations. In this model, the adversary can obtain some information related to the elements of a secret state used during the encryption process. Zenner formalized this model for LFSR-based stream ciphers. In this theoretical model inspired by practical attacks, we propose a new state recovery analysis on RC4 using a belief propagation algorithm. The algorithm works well and its soundness is proved for known or unknown plaintext and only requires that the attacker queries the RC4 encryption process byte by byte for a practical attack. Depending on the processor, our simulations show that we need between 300 and 1,300 keystream bytes and a computation time of less than a minute.

7 citations

Proceedings ArticleDOI
09 Aug 2019
TL;DR: A multiple-trace attack which enables complete recovery of accurate secret indices and a single-trace attack which can even work when using ephemeral keys or applying Rossi et al.
Abstract: Chou suggested a constant-time implementation for quasi-cyclic moderate-density parity-check (QC-MDPC) code-based cryptography to mitigate timing attacks at CHES 2016. This countermeasure was later found to become vulnerable to a differential power analysis (DPA) in private syndrome computation, as described by Rossi et al. at CHES 2017. The proposed DPA, however, still could not completely recover accurate secret indices, requiring further solving of linear equations to obtain the entire secret information. In this paper, we propose a multiple-trace attack which enables complete recovery of accurate secret indices. We further propose a single-trace attack which can even work when using ephemeral keys or applying Rossi et al.'s DPA countermeasures. Our experiments show that BIKE and LEDAcrypt may become vulnerable to our proposed attacks. The experiments are conducted using power consumption traces measured from ChipWhisperer-Lite XMEGA (8-bit processor) and ChipWhisperer UFO STM32F3 (32-bit processor) target boards.

7 citations


Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
89% related
Public-key cryptography
27.2K papers, 547.7K citations
88% related
Encryption
98.3K papers, 1.4M citations
85% related
Authentication
74.7K papers, 867.1K citations
85% related
Key (cryptography)
60.1K papers, 659.3K citations
83% related
Performance
Metrics
No. of papers in the topic in previous years

Year   Papers
2023   12
2022   21
2021   20
2020   30
2019   56
2018   49