• Corpus ID: 850114

Theoretical Use of Cache Memory as a Cryptanalytic Side-Channel

  • D. Page
  • Published 2002
  • Computer Science, Mathematics
  • IACR Cryptol. ePrint Arch.
We expand on the idea, proposed by Kelsey et al. [?], of cache memory being used as a side-channel which leaks information during the run of a cryptographic algorithm. By using this side-channel, an attacker may be able to reveal or narrow the possible values of secret information held on the target device. We describe an attack which encrypts 2 chosen plaintexts on the target processor in order to collect cache profiles and then performs around 2 computational steps to recover the key. As well… 

Efficient Cache Attacks on AES, and Countermeasures

An extremely strong type of attack is demonstrated, which requires knowledge of neither the specific plaintexts nor ciphertexts and works by merely monitoring the effect of the cryptographic process on the cache.
The paper investigates Bernstein's claim that timing leaks can be used to mount a successful attack, which retrieves the AES key and the practicalities involved in implementing such an attack.

Cache Attacks and Countermeasures: The Case of AES

An extremely strong type of attack is demonstrated, which requires knowledge of neither the specific plaintexts nor ciphertexts, and works by merely monitoring the effect of the cryptographic process on the cache.

Measurement program: Investigation on cache-timing attack

  • Y. Khalid, U. Dippel, S. Yussof
  • Computer Science, Mathematics
    2009 IEEE 9th Malaysia International Conference on Communications (MICC)
  • 2009
This paper investigates cache-timing attacks and shows some experimental results that motivated the development of a portable measurement program for such attacks.

Cryptanalysis of DES Implemented on Computers with Cache

The results of applying an attack against the Data Encryption Standard (DES) implemented in some applications, using side-channel information based on CPU delay as proposed in (11), found that the cipher can be broken with 2 known plaintexts and 2^24 calculations at a success rate > 90%, using a personal computer with a 600-MHz Pentium III.

Cache Storage Attacks

This paper introduces a new storage channel made available through cache debug facilities on some embedded microprocessors and is then extended to a cryptanalytic side-channel attack on AES software.

Cryptographic Side-Channels from Low-Power Cache Memory

This work introduces a new attack within this class which targets the use of low power cache memories, showing that they permit attack where a more considered design strategy would not.

Cryptanalysis of CLEFIA Using Differential Methods with Cache Trace Patterns

The paper shows that although obtaining cache access patterns from the power consumption of the device may be difficult due to the non-blocking cache architectures of modern processors, still the cache trace has a distinct signature on the power profiles.

Improving cache attacks by considering cipher structure

This paper provides a cache attack that incorporates an averaging method, provides improved key estimation, and includes a study of an attack that exploits internal collisions.

Cache Timing Analysis of RC4

A new state recovery analysis of RC4 using a belief propagation algorithm is presented; it works well, its soundness is proved for known or unknown plaintext, and a practical attack only requires that the attacker queries the RC4 encryption process byte by byte.

Instruction stream mutation for non-deterministic processors

  • J. Irwin, D. Page, N. Smart
  • Computer Science
    Proceedings IEEE International Conference on Application-Specific Systems, Architectures, and Processors
  • 2002
This work describes the addition of a specialised processor pipeline stage which increases the level of potential non-determinism and hence guards against the revelation of secret information in differential power analysis.

Side Channel Cryptanalysis of Product Ciphers

The notion of side-channel cryptanalysis, cryptanalysis using implementation data, is introduced, and side-channel attacks against three product ciphers are demonstrated and generalized to other cryptosystems.

Power Analysis, What Is Now Possible

This paper first describes and analyzes some different possible models of power analysis for smart-cards, then applies these models to real components and clearly defines what can be detected by power analysis.

Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

  • P. Kocher
  • Computer Science, Mathematics
  • 1996
By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems.

Physical side-channel attacks on cryptographic systems

  • N. Smart
  • Computer Science, Mathematics
    Softw. Focus
  • 2000
A number of attacks on cryptographic systems which depend on measuring physical characteristics of such systems whilst a given cryptographic operation is carried out are described, for example power consumption, computing time or EMF radiations.

Differential Fault Analysis of Secret Key Cryptosystems

This work states that this attack is applicable only to public key cryptosystems such as RSA, and not to secret key algorithms such as the Data Encryption Standard (DES).

Differential Power Analysis

Methods for analyzing power consumption to obtain secret keys are examined, and ways of building systems that can operate safely using existing hardware which leaks information are discussed.

Fast Software Encryption Functions

  • R. Merkle
  • Computer Science, Mathematics
  • 1990
A well-accepted encryption function for implementation in software is presented here; on a SUN 4/260 it can encrypt at 4 to 8 megabits per second, which will effectively reduce the cost and increase the availability of cryptographic protection.

The Design of Rijndael

This volume is the authoritative guide to the Rijndael algorithm and AES; professionals, researchers, and students active or interested in data encryption will find it a valuable source of information and reference.

Breaking Up Is Hard To Do: Modeling Security Threats for Smart Cards

The security ramifications of these "splits" in trust are discussed, showing that they are fundamental to a proper understanding of the security of systems that include smart cards.