A New Vulnerability In RSA Cryptography

Udhay Shankar N udhay at pobox.com
Sun Nov 19 00:16:07 EST 2006


A New Vulnerability In RSA Cryptography

    Posted by kdawson on Saturday November 18, @04:45PM
    from the predictions-of-trouble dept.

    romiz writes, "Branch Prediction Analysis is a recent attack vector
    against RSA public-key cryptography on personal computers that relies
    on timing measurements to get information on the bits in the private
    key. However, the method is not very practical because it requires
    many attempts to obtain meaningful information, and the current
    OpenSSL implementation now includes protections against those attacks.
    However, German cryptographer Jean-Pierre Seifert has announced [1]a
    new method called Simple Branch Prediction Analysis that is at the
    same time much more efficient that the previous ones, only needs a
    single attempt, successfully bypasses the OpenSSL protections, and
    should prove harder to avoid without a very large execution penalty."
    From the article: "The successful extraction of almost all secret key
    bits by our SBPA attack against an openSSL RSA implementation proves
    that the often recommended blinding or so called randomization
    techniques to protect RSA against side-channel attacks are, in the
    context of SBPA attacks, totally useless." [2]Le Monde interviewed
    Seifert (in French, but Babelfish works well) and claims that the
    details of the SBPA attack are being withheld; however, a PDF of the
    paper is linked from the [3]ePrint abstract.

   1. http://eprint.iacr.org/2006/351
   3. http://eprint.iacr.org/2006/351

((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list