Branch Prediction Attack on Blinded Scalar Multiplication

In recent years, performance counters have been used as a side channel source to monitor branch mispredictions, in order to attack cryptographic algorithms. However, the literature considers blinding techniques as effective countermeasures against such attacks. In this article, we present the first template attack on the branch predictor. We target blinded scalar multiplications with a side-channel attack that uses branch misprediction traces. Since an accurate model of the branch predictor is a crucial element of our attack, we first reverse-engineer the branch predictor. Our attack proceeds with a first online acquisition step, followed by an offline template attack with a template building phase and a template matching phase. During the template matching phase, we use a strategy we call Deduce & Remove, to first infer the candidate values from templates based on a model of the branch predictor, and subsequently eliminate erroneous observations. This last step uses the properties of the target blinding technique to remove wrong guesses and thus naturally provides error correction in key retrieval. In the later part of this article, we demonstrate a template attack on Curve1174 where the double-and-add always algorithm implementation is free from conditional branching on the secret scalar. In that case, we target the data-dependent branching based on the modular reduction operations of long integer multiplications. Such implementations still exist in open source software and can be vulnerable, even if top level safeguards like blinding are used. We provide experimental results on scalar splitting, scalar randomization, and point blinding to show that the secret scalar can be correctly recovered with high confidence. Finally, we conclude with recommendations on countermeasures to thwart such attacks.

[1]  Jean-Pierre Seifert,et al.  Micro-Architectural Cryptanalysis , 2007, IEEE Security & Privacy.

[2]  Frédéric Valette,et al.  The Doubling Attack - Why Upwards Is Better than Downwards , 2003, CHES.

[3]  Nael B. Abu-Ghazaleh,et al.  Covert channels through branch predictors: a feasibility study , 2015, HASP@ISCA.

[4]  P. L. Montgomery Speeding the Pollard and elliptic curve methods of factorization , 1987 .

[5]  Nael B. Abu-Ghazaleh,et al.  Jump over ASLR: Attacking branch predictors to bypass ASLR , 2016, 2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[6]  Onur Aciiçmez,et al.  Predicting Secret Keys Via Branch Prediction , 2007, CT-RSA.

[7]  Jean-Sébastien Coron,et al.  Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems , 1999, CHES.

[8]  Don Coppersmith,et al.  Finding a Small Root of a Univariate Modular Equation , 1996, EUROCRYPT.

[9]  Éliane Jaulmes,et al.  Horizontal collision correlation attack on elliptic curves , 2014, Cryptography and Communications.

[10]  Erick Nascimento,et al.  Attacking Embedded ECC Implementations Through cmov Side Channels , 2016, SAC.

[11]  Benjamin Smith,et al.  Montgomery curves and their arithmetic , 2017, Journal of Cryptographic Engineering.

[12]  Aleksandar Milenkovic,et al.  Microbenchmarks for determining branch predictor organization , 2004, Softw. Pract. Exp..

[13]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[14]  Nael B. Abu-Ghazaleh,et al.  BranchScope: A New Side-Channel Attack on Directional Branch Predictor , 2018, ASPLOS.

[15]  Nigel P. Smart,et al.  Lattice Attacks on Digital Signature Schemes , 2001, Des. Codes Cryptogr..

[16]  Marcus Peinado,et al.  Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing , 2016, USENIX Security Symposium.

[17]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[18]  Markus G. Kuhn,et al.  Efficient Template Attacks , 2013, CARDIS.

[19]  Christophe Clavier,et al.  Universal Exponentiation Algorithm , 2001, CHES.

[20]  Georg Sigl,et al.  X25519 Hardware Implementation for Low-Latency Applications , 2016, 2016 Euromicro Conference on Digital System Design (DSD).

[21]  Stefan Mangard,et al.  DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks , 2015, USENIX Security Symposium.

[22]  Jean-Pierre Seifert,et al.  New Branch Prediction Vulnerabilities in OpenSSL and Necessary Software Countermeasures , 2007, IMACC.

[23]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[24]  Gernot Heiser,et al.  A survey of microarchitectural timing attacks and countermeasures on contemporary hardware , 2016, Journal of Cryptographic Engineering.

[25]  Marc Joye,et al.  Highly Regular Right-to-Left Algorithms for Scalar Multiplication , 2007, CHES.

[26]  Ingrid Verbauwhede,et al.  Exploiting Hardware Performance Counters , 2008, 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography.

[27]  Aleksandar Milenkovic,et al.  Experiment flows and microbenchmarks for reverse engineering of branch predictor structures , 2009, 2009 IEEE International Symposium on Performance Analysis of Systems and Software.

[28]  David Naccache,et al.  Improving the Big Mac Attack on Elliptic Curve Cryptography , 2015, The New Codebreakers.

[29]  Jean-Pierre Seifert,et al.  On the power of simple branch prediction analysis , 2007, ASIACCS '07.

[30]  David Schultz,et al.  The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel Attacks , 2005, ICISC.

[31]  Pankaj Rohatgi,et al.  Template Attacks , 2002, CHES.

[32]  Debdeep Mukhopadhyay,et al.  Who Watches the Watchmen?: Utilizing Performance Monitors for Compromising Keys of RSA on Intel Platforms , 2015, CHES.

[33]  Nicolas Le Scouarnec,et al.  Reverse Engineering Intel Last-Level Cache Complex Addressing Using Performance Counters , 2015, RAID.

[34]  Chester Rebeiro,et al.  Template attack on SPA and FA resistant implementation of Montgomery ladder , 2016, IET Inf. Secur..

[35]  Marc Joye,et al.  Guide to Pairing-Based Cryptography , 2016 .