When the running time of a cryptographic device is not constant, that time may leak information about the secret parameters involved, so that careful timing measurement and analysis may allow an attacker to recover the system's secret key. This idea first appeared in the scientific literature in 1996.
Since they target implementation specifics, timing attacks belong to the family of side-channel attacks, of which they were one of the first representatives (see also side-channel analysis).
To conduct the attack, the adversary needs to collect a set (sample) of messages together with their processing times on the cryptographic device. The running time might be obtained by measuring the request-response delay, by monitoring the processor activity, etc.
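The data-dependent running time described above, as an added illustration that is not part of the original entry: a toy modular exponentiation whose work depends on the secret exponent, beside a fixed-sequence variant, with a count of modular multiplications standing in for the time an observer would measure. The base, modulus and exponents are constructed values chosen only for the demonstration.

```python
# Added example (not from the original entry). "Time" is modelled as the number of
# modular multiplications, in place of the wall-clock time measured on a real device.

def square_and_multiply(base, exponent, modulus):
    """Left-to-right binary exponentiation whose work depends on the secret exponent.

    Returns (result, operation_count). The multiplication is executed only for set
    exponent bits, so the count, and hence the running time, is a function of the
    exponent's Hamming weight: this is the leak a timing attack relies on.
    """
    result, ops = 1, 0
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus      # square: always executed
        ops += 1
        if bit == "1":
            result = (result * base) % modulus    # multiply: only for 1 bits
            ops += 1
    return result, ops


def square_and_multiply_always(base, exponent, modulus):
    """Same computation with a fixed operation sequence (square-and-multiply-always).

    The multiplication is performed for every bit and its result is kept only when
    the bit is set (selected arithmetically rather than by skipping work), so the
    count depends only on the bit length, which is public for a fixed key size.
    """
    result, ops = 1, 0
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        candidate = (result * base) % modulus     # always executed
        ops += 2
        mask = int(bit)                           # 1 keeps candidate, 0 keeps result
        result = mask * candidate + (1 - mask) * result
    return result, ops


def timing_profile(exponents, base=5, modulus=1_000_003):
    """Per-exponent operation counts (leaky, fixed-sequence) an observer would sample.

    Exponents of equal bit length but different Hamming weight expose the leak in the
    first entry of each pair and its absence in the second.
    """
    return {e: (square_and_multiply(base, e, modulus)[1],
                square_and_multiply_always(base, e, modulus)[1]) for e in exponents}
```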
One privileged target for timing attacks, as for other side-channel attacks, is the smart card. A classical smart card (as defined by the ISO 7816 standard) is not equipped with an internal clock, but has its clock ticks...
- Canvel, B., A. Hiltgen, S. Vaudenay, and M. Vuagnoux (2003). “Password interception in a SSL/TLS channel.” Advances in Cryptology—CRYPTO 2003. Lecture Notes in Computer Science, vol. 2729, ed. D. Boneh. Springer-Verlag, Berlin.
- Cathalo, J., F. Koeune, and J.-J. Quisquater (2003). “A new type of timing attack: Application to GPS.” Cryptographic Hardware and Embedded Systems—CHES 2003. Lecture Notes in Computer Science, vol. 2779, eds. B.S. Kaliski, Ç.K. Koç, and C. Paar. Springer-Verlag, Berlin.
- Dhem, J.-F., F. Koeune, P.-A. Leroux, P. Mestré, J.-J. Quisquater, and J.-L. Willems (1998). “A practical implementation of the timing attack.” Proceedings of CARDIS 1998, Smart Card Research and Advanced Applications. Lecture Notes in Computer Science, vol. 1820, eds. J.-J. Quisquater and B. Schneier. Springer, Berlin.
- Dhem, J.-F. (1998). “Design of an efficient public-key cryptographic library for RISC-based smart cards.” PhD Thesis, UCL Crypto Group, Laboratoire de microélectronique (DICE), Université catholique de Louvain.
- Handschuh, H. and H. Heys (1998). “A timing attack on RC5.” Proceedings of SAC'98. Lecture Notes in Computer Science, vol. 1556, eds. S.E. Tavares and H. Meijer. Springer, Berlin, 306–318.
- Katagi, M., I. Kitamura, T. Akishita, and T. Takagi (2002). “A timing attack on hyperelliptic curve cryptosystems.” Cryptology ePrint Archive, Report 2002/203. Available at http://eprint.iacr.org
- Kocher, P. (1996). “Timing attacks on implementations of Diffie–Hellman, RSA, DSS, and other systems.” Advances in Cryptology—CRYPTO'96, Santa Barbara, CA. Lecture Notes in Computer Science, vol. 1109, ed. N. Koblitz. Springer, Berlin, 104–113.
- Schindler, W., J.-J. Quisquater, and F. Koeune (2001). “Improving divide and conquer attacks against cryptosystems by better error detection/correction strategies.” Proceedings of the 8th IMA International Conference on Cryptography and Coding. Lecture Notes in Computer Science, vol. 2260, ed. B. Honary. Springer, Berlin, December 2001, 245–267.
- Walter, C.D. (1999). “Montgomery's multiplication technique: How to make it smaller and faster.” Cryptographic Hardware and Embedded Systems—CHES'99, August. Lecture Notes in Computer Science, vol. 1717, eds. Ç.K. Koç and C. Paar. Springer-Verlag, Berlin, 80–93.