AES sidechannel attack by Osvik/Shamir/Tromer

Werner Koch wk at gnupg.org
Mon Nov 21 18:54:41 CET 2005


On Mon, 21 Nov 2005 12:54:54 +0100, Moritz Muehlenhoff said:

> there's a paper by Osvik, Shamir and Tromer that discusses local
> side channel attacks on cache access times of AES tables:
> http://www.wisdom.weizmann.ac.il/~tromer/papers/cache.pdf

Not sure whether I read that paper, but these attacks on AES are based
on the assumption that there exists an oracle with a huge bandwidth.
Anyone implementing a cryptographic application and allowing for an
oracle is plain stupid.

Regarding local attacks: Using private keys on a multi-user machine is
not a good idea at all.  Root will be able to compromise any key (not
just AES session keys but all public key operations) and further,
there are far too many local system exploits that it is definitely
easier to gain root than to mount complicated timing attacks.


Salam-Shalom,

   Werner
