Journal of Cryptographic Engineering

, Volume 7, Issue 2, pp 99–112

CacheBleed: a timing attack on OpenSSL constant-time RSA

CHES 2016


The scatter–gather technique is a commonly implemented approach to prevent cache-based timing attacks. In this paper, we show that scatter–gather is not constant time. We implement a cache timing attack against the scatter–gather implementation used in the modular exponentiation routine in OpenSSL version 1.0.2f. Our attack exploits cache-bank conflicts on the Sandy Bridge microarchitecture. We have tested the attack on an Intel Xeon E5-2430 processor. For 4096-bit RSA, our attack can fully recover the private key after observing 16,000 decryptions.


Side-channel attacks Cache attacks Cryptographic implementations Constant-time RSA 

Copyright information

© Springer-Verlag Berlin Heidelberg 2017

Authors and Affiliations

  1. 1.Data61, CSIRO and University of AdelaideAdelaideAustralia
  2. 2.University of PennsylvaniaPhiladelphiaUSA
  3. 3.University of MarylandCollege ParkUSA

Personalised recommendations