[Cryptography] Caches considered harmful
Henry Baker
hbaker1 at pipeline.com
Sat Jan 6 10:50:16 EST 2018
Bottom line: we're painfully repeating Santayana's lesson about history,
but in this case, the lessons learned from the *padding* and *compression*
attacks on encryption. HW (and SW) caches are a form of compression (in
time) and therefore the timing side-channel leaks plaintext information
in a similar manner to compression attacks.
http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf
"Compression and Information Leakage of Plaintext
"John Kelsey, Certicom
"The compression side-channel differs from side-channels described in [Koc96] [KSHW00] [KJY00] in two important ways:
1. It reveals information about plaintext, rather than key material.
2. It is a property of the algorithm, not the implementation. That is, ***any implementation of the compression*** algorithm will be equally vulnerable."
---
Of course, invoking Santayana is doubly ironic in the context of caching!
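An added illustration of the analogy drawn in this message (not part of the original post or of Kelsey's paper): a size observable from zlib and a cost observable from a toy cache both change with whether caller-chosen input repeats secret data. The cookie string, the probe values and the hit/miss costs of 1 and 100 are constructed assumptions, and the cache is a cost model, not a hardware measurement.

```python
import zlib

# Constructed sample data: a response mixing a secret with caller-chosen text.
SECRET_DOC = b"Cookie: session=7f3a9c2e41d8b6a0; path=/\r\n"
MATCH = b"session=7f3a9c2e41d8b6a0"   # repeats the secret
MISS = b"session=q0XwLmZkPtRvYbNs"    # same length, no repeat past "session="


def compressed_len(doc: bytes, extra: bytes) -> int:
    """Size observable: output length when doc and extra share one context."""
    return len(zlib.compress(doc + extra, 9))


def separate_len(doc: bytes, extra: bytes) -> int:
    """Separate contexts: length cannot depend on extra repeating doc."""
    return len(zlib.compress(doc, 9)) + len(zlib.compress(extra, 9))


class ToyCache:
    """Cost model only (assumed hit=1, miss=100 units); no real timing."""
    HIT_COST, MISS_COST = 1, 100

    def __init__(self):
        self.lines = set()

    def access(self, key) -> int:
        cost = self.HIT_COST if key in self.lines else self.MISS_COST
        self.lines.add(key)  # a miss fills the line, as a real cache would
        return cost


def cache_cost(secret_byte: int, probe_byte: int) -> int:
    """Time observable: cost of a probe after a secret-indexed table lookup."""
    cache = ToyCache()
    cache.access(("table", secret_byte))
    return cache.access(("table", probe_byte))


def constant_pattern_cost(secret_byte: int, probe_byte: int) -> int:
    """Data-independent pattern: every entry is touched, whatever the secret."""
    cache = ToyCache()
    for i in range(256):
        cache.access(("table", i))
    return cache.access(("table", probe_byte))
```

In both cases the observable is cheaper exactly when the input repeats something already seen, which is the redundancy a compressor removes in space and a cache removes in time.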