Questions tagged [timing-attack]

This side-channel attack is based on the fact that differences in the time taken by certain operations in the implementation of a cryptographic scheme allow an adversary to obtain information that the theoretical specification of the scheme would not reveal.

Timing attacks analyze the speed of implemented algorithms.

At the hardware and software layer, complex operations take more time than simple operations. Furthermore, the data flow can be analyzed because accesses to CPU registers, cache, and memory have different timing characteristics.

Timing attacks are related to power analysis.

111 questions
55 votes, 2 answers

Timing attack and good coding practices

How would a timing attack occur on a particular piece of code but not on another (because of good coding practice)? Could anyone give an example? I am having trouble figuring out how timing attacks would occur based on the way the code is written.
asdfasd
21 votes, 8 answers

How can I understand whether my C implementation is constant-time or not (i.e. resistant to timing attacks)

I have a code for polynomial multiplication and it is written in C. I heard that whether a particular instruction is "constant time" can vary by architecture and by processor model and there isn't any official documentation for this behavior. How…
esra
11 votes, 3 answers

Is if/else vulnerable to timing side-channel attacks?

I have a branch in C++: if (x & 1) { x = function_1(x); } else { x = function_2(x); } If function_1 and function_2 are constant time and it takes the same time to compute them, is such branching still vulnerable to side-channel attacks?…
Tom
6 votes, 2 answers

Attack vectors introduced by compilers

I have a question about attacks on the implementation of cryptographic code that are enabled by compilation and compiler-optimisations. I am aware of this. Would anyone be able to point me to other examples? In particular, are there examples of…
Martin Berger
5 votes, 1 answer

How exploitable are cache timing attacks?

So there's a recent PHP package that has been written to protect against cache timing attacks, which can be seen here. My question is... just how exploitable are cache timing attacks? My overall impression is that they're extremely difficult to…
neubert
4 votes, 1 answer

Constant Time Multiplication for Cryptography in Pure Software without Hardware Multiplier or Barrel Shifter

To prevent various forms of timing side-channel attacks, it's strongly advisable to implement public-key cryptography in constant time, or at least without secret-dependent timing variations. However, as far as I'm aware, such implementations…
比尔盖子
4 votes, 2 answers

Mitigating timing attacks with a random sleep

Could you mitigate all timing attacks by putting a sleep(random()) in a naive crypto implementation? E.g. if your implementation looks solid, but you're not sure what the next CPU cache vulnerability around the corner is, would this be a legitimate…
Chris
3 votes, 3 answers

Constant time comparison for arrays of different lengths

I found the following code snippet from the Bouncy Castle C# library, which seems to claim that it's constant time, even when the arrays have different lengths. /// /// A constant time equals comparison - does not terminate early if ///…
Jeremy
3 votes, 1 answer

Are timing attacks exploitable if each key is used only once?

Suppose that one performs (for example) AES-GCM encryption and decryption using an algorithm that is vulnerable to timing attacks, but each key is used only once. Is it still possible to perform a successful timing attack?
Demi
2 votes, 1 answer

How does failing to square a value in this version of libcrypt++ cause a timing attack vulnerability?

I'm a crypto beginner and reading about blinding, and my fundamental understanding about preventing timing attacks is that you need to sort of process information in a way that will produce similar processing times for each set of operations. In…
john doe
2 votes, 3 answers

Does this implementation of a function operate in constant time?

Suppose we have a function that takes $n$ parameters, each being one bit in size, and returns a single bit. Internally, this function has a bit string $N \in \{0, 1\}^{2^n}$ and it operates by using the $n$ inputs to form a pointer to bit $i$ in…
Melab
2 votes, 2 answers

Is accessing elements of an array in secret order vulnerable to timing attack?

Suppose there is an array containing bytes 0...255. Suppose this array is shuffled using a key or random data. Since this is indexing the elements of a table using secret data, is it vulnerable to a timing attack? If so, suppose the array is…
Ella Rose
2 votes, 3 answers

Multiplication implemented in C++ in constant time

I'm considering some non-cryptographic PRNG which uses multiplication of two 64-bit or 128-bit random numbers at some point. __uint128_t a; __uint128_t b; __uint128_t result; result = a * b; Is this constant time? I don't think so, especially…
Tom
1 vote, 1 answer

Obscuring timing attacks in vulnerable libraries

Let's say you're using a library that you know is vulnerable to timing attacks. Short of switching libraries altogether, it seems to me that putting a sleep in the code for a random number of microseconds (or seconds or whatever) would be…
neubert
1 vote, 0 answers

Kocher Timing Attack - Error Correction

In class, we learned the Kocher Timing Attack on modular exponentiation. For determining whether the (e.g., LSB) is 0 or 1, we specified two values: $T_1 = T_M - (TMult(1, y) + (\omega - 1)ExpTMult)$ and $T_0 = T_M - \omega ExpTMult$, where $T_M$ is the…
Christine