Transcription of Cache-timing attacks on AES
{{id}} {{{paragraph}}}
Cache-timingattacks on AESD anielJ. Bernstein?Department of mathematics ,Statistics,andComputerScienc e(M/C249)TheUniversity of Illinoisat ChicagoChicago,IL demonstratescompleteAESkeyrecoveryfromkn own-plaintexttimingsof a networkserver shouldbe blamedontheAESdesign,notontheparticularA ESlibraryusedby theserver;it is extremelydi cultto discussesseveralof theobstaclesin :sidechannels,timingattacks,softwaretimi ngattacks,cachetiming,loadtiming,array lookups,S-boxes,AES1 IntroductionThispaper reportssuccessfulextractionof a completeAESkey froma networkserver useditskeysolelyto encryptdatausingtheOpenSSLAES implementationona was a verysimpletimingattack. Presumablythesametechniquecanextractcomp leteAESkeysfromthemorecomplicatedservers actuallyusedto handleInternetdata,althoughtheattackswil loftenrequireextratimingsto averageoutthee ectsof of thistype limitedto thePentiumIII?
Department of Mathematics, Statistics, and Computer Science (M/C 249) The University of Illinois at Chicago Chicago, IL 60607{7045 djb@cr.yp.to Abstract. This paper demonstrates complete AES key recovery from known-plaintext timings of a network server on another computer. This attack should be blamed on the AES design, not on the particular AES
Domain:
Source:
Link to this page:
Please notify us if you found a problem with this document:
{{id}} {{{paragraph}}}