Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

  • Paul C. Kocher
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1109)

Abstract

By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext. Actual systems are potentially at risk, including cryptographic tokens, network-based cryptosystems, and other applications where attackers can make reasonably accurate timing measurements. Techniques for preventing the attack for RSA and Diffie-Hellman are presented. Some cryptosystems will need to be revised to protect against the attack, and new protocols and algorithms may need to incorporate measures to prevent timing attacks.
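As an added illustration (not code from the paper): a toy square-and-multiply whose work depends on the private exponent's bits, which is the dependency timing measurements exploit, beside the blinding countermeasure the paper presents for RSA. All key values below are constructed and far too small for real use.

```python
import math
import secrets
from typing import Optional, Tuple

def modexp_counting(base: int, exp: int, mod: int) -> Tuple[int, int]:
    """Left-to-right square-and-multiply, returning (result, multiplies).
    The number of multiplies equals the number of 1-bits in exp, so the
    work done, and hence the time taken, depends on the secret exponent."""
    result, multiplies = 1, 0
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        if bit == "1":
            result = (result * base) % mod
            multiplies += 1
    return result, multiplies

# Constructed toy RSA parameters for illustration only.
P, Q = 61, 53
N = P * Q
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))

def rsa_private_plain(c: int) -> int:
    """Unprotected private operation: the caller chooses c, so every
    intermediate value (and its timing) is a known function of D."""
    return modexp_counting(c, D, N)[0]

def rsa_private_blinded(c: int, r: Optional[int] = None) -> int:
    """Blinded private operation: exponentiate c * r^E mod N for a fresh
    random r coprime to N, then strip r from the result. The exponentiation
    now runs on a value an observer cannot predict, so its timing cannot be
    correlated with the ciphertext c."""
    if r is None:
        r = secrets.randbelow(N - 2) + 2
        while math.gcd(r, N) != 1:
            r = secrets.randbelow(N - 2) + 2
    blinded = (c * pow(r, E, N)) % N
    m_blinded, _ = modexp_counting(blinded, D, N)
    return (m_blinded * pow(r, -1, N)) % N

if __name__ == "__main__":
    c = pow(42, E, N)  # encrypt a constructed message
    print(rsa_private_plain(c), rsa_private_blinded(c))  # both recover 42
```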

Keywords

timing attack, cryptanalysis, RSA, Diffie-Hellman, DSS

Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • Paul C. Kocher, Cryptography Consultant, Stanford, USA