RSA key revealed in a few seconds w/o a quantum computer
QuantumCrypto writes: "IRISA is reporting that branch prediction is NOT good for security. Branch predictors allow processors to execute the next instructions without waiting for the previous ones to be resolved, which in turn allows the RSA key to be spied on.
Old news, right? Well, André Seznec at IRISA has independently verified the claims. "I've tried to validate the principle. It works! Beautiful case study, by the way!" said André Seznec. Onur Aciçmez and his colleagues managed to grab 508 bits out of a 512-bit key on RSA encryption, at the first shot, in just a few thousandths of a second. Quite a feat when compared to the endless three months and the line-up of 80-some 2.2 GHz CPU computers that the German Federal Office for Information Security (BSI) once poured in to crack an SSL 640-bit key (3).
Background from the article:
Until not so long ago, processors were executing threads in a time-shared mode: T0 was executing during a time slice, then T1 was executing during the next time slice, then T0 again, ... "Each of these time slices lasts far longer than the processor execution cycle. Say a thread lasts around 10 milliseconds, representing about 20 to 30 million processor cycles. As long as a spy thread and a cryptographic thread are not executed simultaneously, there is no way the former can grab very precise information on the latter." The impervious architecture keeps threads peep-proof.
But things have changed with the arrival of the Pentium 4 HT processor generation (7), an SMT processor in PCs and servers. These CPUs run two threads at the same time: on the very same cycle, instructions from the two threads are executed on the CPU. Why? "Mainly to squeeze performance from the processor," Seznec answers. "The processor can execute several instructions per cycle, but generally a significant part of the resource is lost if a single thread executes. When two threads execute at the same time, the hardware is significantly better utilized." Unfortunately, running two threads in parallel on the same hardware CPU can lead to some information leakage. "One can manage to grab an indirect view of a thread's execution from a spying thread that is executed simultaneously. This indirect information about its execution can allow one to recover critical information such as an encryption key.""
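Why a branch predictor shared between two SMT threads is enough to recover an RSA exponent, as an added illustration that is not part of the submission or of the IRISA article: the textbook square-and-multiply loop takes one branch per exponent bit, and whether that branch is taken is exactly the bit. The real attack infers each branch outcome from branch-predictor timing measured by the co-scheduled spy thread; the model below simply records the outcomes, which is the information the spy ends up with. The small RSA parameters (n = 3233, d = 2753) and the function names are constructed for the example, and the Montgomery ladder is shown as the standard branch-free alternative, not as anything the article describes.

```python
# Added example (not from the article or the submitter). Models the leak that
# Branch Prediction Analysis exploits: in square-and-multiply, the branch taken
# on each exponent bit IS the exponent bit. A spy thread sharing the branch
# predictor on an SMT core learns each outcome; here we just record it.

def square_and_multiply(base, exponent, modulus, trace=None):
    """Left-to-right binary exponentiation with a key-dependent branch.
    Every iteration squares; it multiplies only when the current bit is 1.
    If `trace` is a list, the taken/not-taken outcome of that branch is
    appended to it (standing in for what the spy thread observes)."""
    result = 1
    for i in range(exponent.bit_length() - 1, -1, -1):
        result = (result * result) % modulus
        bit = (exponent >> i) & 1
        if trace is not None:
            trace.append(bit)        # branch outcome == exponent bit: the leak
        if bit:
            result = (result * base) % modulus
    return result


def recover_exponent(trace):
    """What the spy reconstructs: the branch trace read back as an integer."""
    exponent = 0
    for bit in trace:
        exponent = (exponent << 1) | bit
    return exponent


def montgomery_ladder(base, exponent, modulus, trace=None):
    """Same result, but every iteration does the same two multiplications
    regardless of the bit; the bit only selects which register receives
    which product, done by arithmetic rather than by a branch. The branch
    stream is therefore constant. (Python itself gives no constant-time
    guarantee; the point is the control-flow shape, not the timing.)"""
    r0, r1 = 1, base % modulus
    for i in range(exponent.bit_length() - 1, -1, -1):
        bit = (exponent >> i) & 1
        if trace is not None:
            trace.append(0)          # same outcome every iteration
        prod = (r0 * r1) % modulus
        sq0 = (r0 * r0) % modulus
        sq1 = (r1 * r1) % modulus
        # invariant r1 == r0 * base holds whichever bit is processed
        r0 = (1 - bit) * sq0 + bit * prod
        r1 = (1 - bit) * prod + bit * sq1
    return r0


# Constructed toy RSA key: p=61, q=53, n=3233, e=17, d=2753 (not a real key).
N, E, D = 3233, 17, 2753


def leak_demo(ciphertext=2790):
    """Decrypt with both loops and return (plaintext, exponent the spy
    recovers from the square-and-multiply trace, distinct values seen in
    the ladder's trace)."""
    leaky_trace, ladder_trace = [], []
    m1 = square_and_multiply(ciphertext, D, N, leaky_trace)
    m2 = montgomery_ladder(ciphertext, D, N, ladder_trace)
    assert m1 == m2
    return m1, recover_exponent(leaky_trace), sorted(set(ladder_trace))


if __name__ == "__main__":
    plaintext, spied_d, ladder_outcomes = leak_demo()
    print("plaintext:", plaintext)
    print("spy recovers d =", spied_d, "(actual d =", D, ")")
    print("ladder branch outcomes seen:", ladder_outcomes)
```

The recovered exponent is the whole private exponent, bit for bit, from a single decryption; the article's 508-of-512 figure reflects the noise of the real measurement rather than any limit of the principle. The ladder still performs a key-dependent register selection, so it closes the branch-predictor channel specifically; defeating a co-resident spy in general also requires the multiplications themselves not to leak through shared caches or execution units.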