RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

  • Daniel Genkin
  • Adi Shamir
  • Eran Tromer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8616)


Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: as we show in this paper, they can leak the key used in cryptographic operations. This is surprising, since the acoustic information has very low bandwidth (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), which is many orders of magnitude below the GHz-scale clock rates of the attacked computers. We describe a new acoustic cryptanalysis attack which can extract full 4096-bit RSA keys from the popular GnuPG software, within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate such attacks, using a plain mobile phone placed next to the computer, or a more sensitive microphone placed 10 meters away.


Acoustic Emanation Modular Reduction Modular Exponentiation Multiplication Routine Target Machine 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [AA04]
    Asonov, D., Agrawal, R.: Keyboard acoustic emanations. In: IEEE Symposium on Security and Privacy, pp. 3–11 (2004)Google Scholar
  2. [And08]
    Anderson, R.J.: Security engineering — a guide to building dependable distributed systems, 2nd edn. Wiley (2008)Google Scholar
  3. [BB05]
    Brumley, D., Boneh, D.: Remote timing attacks are practical. Computer Networks 48(5), 701–716 (2005)CrossRefGoogle Scholar
  4. [BBB+12]
    Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: NIST SP 800-57: Recommendation for key management — part 1: General (2012)Google Scholar
  5. [BDG+10]
    Backes, M., Dürmuth, M., Gerling, S., Pinkal, M., Sporleder, C.: Acoustic side-channel attacks on printers. In: USENIX Security Symposium, pp. 307–322 (2010)Google Scholar
  6. [BWY06]
    Berger, Y., Wool, A., Yeredor, A.: Dictionary attacks using keyboard acoustic emanations. In: ACM Conference on Computer and Communications Security, pp. 245–254 (2006)Google Scholar
  7. [Cop97]
    Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptology 10(4), 233–260 (1997)MathSciNetCrossRefzbMATHGoogle Scholar
  8. [Eni]
    The Enigmail Project. Enigmail: A simple interface for OpenPGP email securityGoogle Scholar
  9. [Gen]
    Genesis 27:5Google Scholar
  10. [Gmp]
    GNU multiple precision arithmetic libraryGoogle Scholar
  11. [Gpg]
    The GNU Privacy GuardGoogle Scholar
  12. [GST13]
    Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis (extended version). IACR Cryptology ePrint Archive, 2013:857 (2013)Google Scholar
  13. [HS10]
    Halevi, T., Saxena, N.: On pairing constrained wireless devices based on secrecy of auxiliary channels: the case of acoustic eavesdropping. In: ACM Conference on Computer and Communications Security, pp. 97–108 (2010)Google Scholar
  14. [KJJR11]
    Kocher, P., Jaffe, J., Jun, B., Rohatgi, P.: Introduction to differential power analysis. Journal of Cryptographic Engineering 1(1), 5–27 (2011)CrossRefGoogle Scholar
  15. [KO62]
    Karatsuba, A., Ofman, Y.: Multiplication of Many-Digital Numbers by Automatic Computers. Proceedings of the USSR Academy of Sciences 145, 293–294 (1962)Google Scholar
  16. [Nat82]
    National Security Agency. NACSIM 5000: TEMPEST fundamentals (February 1982)Google Scholar
  17. [Nat09]
    National Institute of Standards and Technology. FIPS 140-3: Draft security requirements for cryptographic modules, revised draft (2009)Google Scholar
  18. [RS85]
    Rivest, R.L., Shamir, A.: Efficient factoring based on partial information. In: Pichler, F. (ed.) EUROCRYPT 1985. LNCS, vol. 219, pp. 31–34. Springer, Heidelberg (1986)CrossRefGoogle Scholar
  19. [ST04]
    Shamir, A., Tromer, E.: Acoustic cryptanalysis: on nosy people and noisy machines. Eurocrypt rump session (2004)Google Scholar
  20. [SWT01]
    Song, D.X., Wagner, D., Tian, X.: Timing analysis of keystrokes and timing attacks on SSH. In: USENIX Security Symposium, vol. (2001)Google Scholar
  21. [Wri87]
    Wright, P.: Spycatcher. Viking Penguin (1987)Google Scholar
  22. [YF13]
    Yarom, Y., Falkner, K.E.: Flush+reload: a high resolution, low noise, L3 cache side-channel attack. IACR Cryptology ePrint Archive, 2013:448 (2013)Google Scholar
  23. [ZZT05]
    Zhuang, L., Zhou, F., Tygar, J.D.: Keyboard acoustic emanations revisited. In: ACM Conference on Computer and Communications Security, pp. 373–382 (2005)Google Scholar

Copyright information

© International Association for Cryptologic Research 2014

Authors and Affiliations

  • Daniel Genkin
    • 1
  • Adi Shamir
    • 2
  • Eran Tromer
    • 3
  1. 1.Technion and Tel Aviv UniversityIsrael
  2. 2.Weizmann Institute of ScienceIsrael
  3. 3.Tel Aviv UniversityIsrael

Personalised recommendations