[Cryptography] RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

Jerry Leichter leichter at lrw.com
Wed Dec 18 21:24:04 EST 2013


On Dec 18, 2013, at 7:50 PM, Phillip Hallam-Baker wrote:
> As a student I was fortunate enough to attend one of Adi Shamir's lectures at the University of Waterloo where he talked specifically about this problem. It stuck with me and I'm glad to see that an actual key recovery attack came out of it.
> Have you tried this out against openssl? How successful do you think it would be?
> 
> I would expect it to work against any crypto code that has not been designed to avoid power or RF analysis....
I've only read a very small part of the paper, but ... this isn't true.  In fact, the paper comments that the techniques used to block traditional RF and power attacks make the acoustic attacks *easier*.  (The acoustic attacks, by their nature, operate in a very much lower frequency band than traditional attacks.  A side-effect of the traditional defenses is to tamp down the irrelevant low-frequency stuff while not stopping the low-frequency information they actually need.)

They specifically attack a version of PGP which has counter-measures to the traditional attacks in place.  Based on their results, later versions of PGP are immune.

The attack is a chosen-ciphertext attack against RSA that causes the multiplications to hit some repetitive patterns.  It's likely to work, with perhaps some modifications, against any implementation that isn't hardened in specific ways to protect itself.

The paper is 50+ pages long and will take some time to absorb.  But Adi Shamir has come through again.  Where would we be without him?

                                                        -- Jerry
