A New Vulnerability In RSA Cryptography
romiz writes, "Branch Prediction Analysis is a recent attack vector against RSA public-key cryptography on personal computers that relies on timing measurements to get information on the bits in the private key. However, the method is not very practical because it requires many attempts to obtain meaningful information, and the current OpenSSL implementation now includes protections against those attacks. However, German cryptographer Jean-Pierre Seifert has announced a new method called Simple Branch Prediction Analysis that is at the same time much more efficient than the previous ones, only needs a single attempt, successfully bypasses the OpenSSL protections, and should prove harder to avoid without a very large execution penalty." From the article: "The successful extraction of almost all secret key bits by our SBPA attack against an openSSL RSA implementation proves that the often recommended blinding or so called randomization techniques to protect RSA against side-channel attacks are, in the context of SBPA attacks, totally useless." Le Monde interviewed Seifert (in French, but Babelfish works well) and claims that the details of the SBPA attack are being withheld; however, a PDF of the paper is linked from the ePrint abstract.
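Why base blinding does not change what a key-dependent branch exposes, shown as an added toy model (not OpenSSL's code and not the paper's measurement technique): the sequence of squares and multiplies in square-and-multiply is a function of the exponent alone, while a ladder with a masked swap performs the same operations for every exponent of a given length. The 12-bit RSA key, the function names and the recorded S/M list are constructed for illustration; Python integers are not constant-time, so only the operation sequence is modelled here.

```python
import math
import secrets

N, E, D = 3233, 17, 2753    # constructed toy RSA key (p=61, q=53), illustration only

def modexp_branching(base, exp, mod):
    """Square-and-multiply; ops records what the key-dependent branch makes observable."""
    result, ops = 1, []
    for bit in bin(exp)[2:]:
        result = result * result % mod
        ops.append("S")
        if bit == "1":                  # taken only for 1-bits of the secret exponent
            result = result * base % mod
            ops.append("M")
    return result, ops

def modexp_ladder(base, exp, mod):
    """Montgomery ladder with a masked swap: one multiply and one square per bit."""
    r0, r1, ops = 1, base % mod, []
    for bit in bin(exp)[2:]:
        mask = -int(bit)                # 0 or -1 (all ones); no branch on the bit
        t = (r0 ^ r1) & mask
        r0, r1 = r0 ^ t, r1 ^ t         # swap when the bit is 1
        r1 = r0 * r1 % mod
        r0 = r0 * r0 % mod
        t = (r0 ^ r1) & mask
        r0, r1 = r0 ^ t, r1 ^ t         # swap back
        ops += ["M", "S"]
    return r0, ops

def blinded_decrypt(c, d, e, n, modexp):
    """RSA decryption with base blinding: the exponentiation sees c * r^e, never c."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            break
    blinded, ops = modexp(c * pow(r, e, n) % n, d, n)
    return blinded * pow(r, -1, n) % n, ops

def bits_from_ops(ops):
    """Decode an S/M sequence: each S opens a bit, a following M marks it as 1."""
    bits = ""
    for cur, nxt in zip(ops, ops[1:] + ["S"]):
        if cur == "S":
            bits += "1" if nxt == "M" else "0"
    return int(bits, 2)
```

Two blinded decryptions of the same ciphertext use different random bases, yet `modexp_branching` yields the same operation list both times and `bits_from_ops` maps it back to `D`; the ladder's list depends only on the exponent's bit length.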
Virtually every academic paper ever published will match some statement of the form "a refined X for a known Y". That's what academic papers do. Papers which break new ground come around about once every few decades; most significant developments are actually a sequence of very small steps that the press ignores because it doesn't sound very impressive that way.
Academic papers are almost never newsworthy. They are for academics to read. If you aren't working in the field (of *research*, or closely related engineering), you aren't interested in them. This one is no exception.
The normal process, for those editors who have been living in a swamp for the past 500 years, is: discovery, press release (-> news), peer review, paper. Occasionally the second and third are swapped, but not often; researchers rarely feel a desire to keep their work secret after it's finished. For security issues like this one, the press release is called an "advisory", but that's just another name for the same thing.
There's a good chance that this paper contains nothing new, and is merely the peer-reviewed version of an advisory that was published months ago (I don't remember the advisory, so I can't check). That would be normal. It would mean this article is a dupe, which is also normal.