Improvement of trace-driven I-Cache timing attack on the RSA algorithm

Previous I-Cache timing attacks on RSA, which exploit the instruction path taken by the cipher, are mostly proofs of concept and are harder to put into practice than D-Cache timing attacks. After analyzing the difficulties of the earlier I-Cache timing attack on RSA, we propose a trace-driven timing attack model that spies on the whole I-Cache rather than only on the part of the instruction cache to which the multiplication function is mapped. We then give an improved exponent-analysis algorithm that uses the characteristic of the window size in the sliding window exponentiation (SWE) algorithm and further reduces the search space for the key bits compared with the earlier method. We also show how to recover the private key d from scattered known bits of d_p and d_q, proving several conclusions and validating them experimentally. In addition, an error detection mechanism that flags erroneous decisions about the operation sequence is provided to reduce the number of incorrectly recovered bits and improve the precision of the decision. We implement the I-Cache timing attack against the RSA implementation of OpenSSL in a practical environment; the experimental results show that the feasibility and effectiveness of I-Cache timing attacks can be improved.
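
As an added illustration (not code from the paper or from OpenSSL), the following Python implements a left-to-right sliding window exponentiation in the style of HAC Algorithm 14.85, records the square/multiply operation sequence that a trace-driven I-Cache spy distinguishes by the multiplication routine's cache footprint, and then enumerates every exponent consistent with that sequence once the window size w is known. The 'S'/'M' trace encoding, the pruning rule derived from how SWE selects windows, the toy parameters (g = 7, m = 1009, w = 3, e = 89) and all function names are this example's own assumptions, not the paper's analysis algorithm.

```python
"""Illustrative sliding-window exponentiation trace and exponent-candidate
enumeration.  Added example, not the paper's or OpenSSL's code; the trace
encoding, the inference rules and the toy parameters are assumptions."""
from itertools import product


def swe_trace(g, e, m, w):
    """g^e mod m by left-to-right sliding window exponentiation (HAC 14.85 style).

    Returns (result, trace).  trace is a string over {'S', 'M'}: one 'S' per
    modular squaring and one 'M' per multiplication by a precomputed odd power
    of g.  A trace-driven I-cache spy observes this sequence because the
    multiplication routine touches instruction-cache sets that squaring does not.
    """
    bits = bin(e)[2:]                                   # MSB first; bits[0] == '1' when e >= 1
    table = {u: pow(g, u, m) for u in range(1, 1 << w, 2)}   # g^1, g^3, ..., g^(2^w - 1)
    acc, trace, i, n = 1, [], 0, len(bits)
    while i < n:
        if bits[i] == '0':                              # zero bit between windows: square only
            acc = acc * acc % m
            trace.append('S')
            i += 1
            continue
        j = min(i + w - 1, n - 1)                       # longest window of <= w bits ...
        while bits[j] == '0':                           # ... that ends in a 1 bit (odd value)
            j -= 1
        for _ in range(j - i + 1):                      # one squaring per window bit,
            acc = acc * acc % m
            trace.append('S')
        acc = acc * table[int(bits[i:j + 1], 2)] % m    # then one table multiplication
        trace.append('M')
        i = j + 1
    return acc, ''.join(trace)


def _runs(trace):
    """Squaring counts before each 'M', plus the trailing squarings after the last 'M'."""
    *runs, trailing = [len(r) for r in trace.split('M')]
    return runs, trailing


def known_bits(trace, w):
    """Bits fixed by the trace alone: the bit before each 'M' is a window's last
    (odd) bit, so 1; in a run of k > w squarings the first k - w bits cannot be
    window bits, so 0; the exponent's leading bit is 1; everything else is '?'."""
    runs, trailing = _runs(trace)
    out = ''
    for idx, k in enumerate(runs):
        zeros = max(k - w, 0)
        pattern = '0' * zeros + '?' * (k - zeros - 1) + '1'
        out += ('1' + pattern[1:]) if idx == 0 else pattern
    return out + '0' * trailing


def consistent_exponents(trace, w):
    """Every exponent whose swe_trace(..., w) equals `trace`.

    Each run of k squarings is z zero bits followed by a wlen-bit window
    (1 <= wlen <= w, z = k - wlen, first and last window bits 1, inner bits
    free).  The window-size characteristic of SWE prunes the splits: a window
    with wlen < w is only chosen when the w - wlen bits after it are all 0,
    so the next run must begin with at least w - wlen zero bits.
    """
    runs, trailing = _runs(trace)
    found = []

    def rec(idx, prefix, prev_len):
        if idx == len(runs):
            found.append(int(prefix + '0' * trailing, 2))
            return
        k = runs[idx]
        for wlen in range(1, min(w, k) + 1):
            z = k - wlen
            if (idx == 0 and z) or (idx > 0 and prev_len < w and z < w - prev_len):
                continue
            for mid in product('01', repeat=max(wlen - 2, 0)):
                win = '1' if wlen == 1 else '1' + ''.join(mid) + '1'
                rec(idx + 1, prefix + '0' * z + win, wlen)

    rec(0, '', w)
    return sorted(found)


def demo(g=7, e=0b1011001, m=1009, w=3):
    """Trace the toy exponent, then recover the candidate set from the trace alone."""
    result, trace = swe_trace(g, e, m, w)
    assert result == pow(g, e, m)
    mask = known_bits(trace, w)
    cands = consistent_exponents(trace, w)
    assert e in cands and all(swe_trace(g, c, m, w)[1] == trace for c in cands)
    return trace, mask, 2 ** mask.count('?'), cands


if __name__ == '__main__':
    trace, mask, naive, cands = demo()
    print(f'trace {trace}\nmask  {mask}  ({naive} candidates from the mask alone)')
    print(f'with the window-size rule: {cands}')
```

For the toy exponent the trace is SSSMSMSSSM. The bits fixed by the trace alone give the mask 1?11??1, leaving 8 candidates; adding the rule that a window shorter than w must be followed by at least w - l zero bits (otherwise the algorithm would have extended the window) leaves only 89 and 121. That pruning is one concrete form of the window-size constraint the abstract refers to; the paper's own analysis algorithm may differ. Real implementations commonly load the first window's table entry into the accumulator instead of squaring 1, which shortens the first run, and use larger windows, so the trace parser must be adapted to the target's actual exponentiation routine before the candidate set means anything.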