Slashdot Mirror


Scientists Extract RSA Key From GnuPG Using Sound of CPU

kthreadd writes "In their research paper titled RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis, Daniel Genkin, Adi Shamir and Eran Tromer et al. present a method for extracting decryption keys from the GnuPG security suite using an interesting side-channel attack. By analysing the acoustic sound made by the CPU they were able to extract a 4096-bit RSA key in about an hour (PDF). A modern mobile phone placed next to the computer is sufficient to carry out the attack, but up to four meters have been successfully tested using specially designed microphones."

1 of 264 comments

  1. Re:Remember TEMPEST? by Anonymous Coward · Score: 5, Insightful

    Using multiple cores turns out to help the attack (by shifting down the signal frequencies).

    Say what? Through what mechanism would multiple cores shift down the frequency? And what about parallel instruction streams contributing to noise?

    It is not the cores specifically but a mathematical property commonly used in radio communication.
    sin(a)*sin(b) = 1/2 * (cos(a-b) - cos(a+b))
    A transistor working in the non-linear section will have an exponential function. This will give a function similar to (a+b)^2 = a^2 + 2ab + b^2 (Not really, but close, the important part is that you get the product of the signals. The rest will be high frequency noise.)

    This means that if you have two frequencies that are close to each other, like 3000000kHz and 3000001kHz, the interaction between them will create a component at 6000001kHz and one at 1kHz.
    Pretty much all audio equipment you can find will gladly filter out the higher frequencies and let the 1kHz component through.
    The frequency variations in the ~1kHz component will give you information about the runtimes of the instructions.
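
The mixing effect described in the comment above, as an added example that is not part of the original thread: two close tones pass through a square-law stage and a low-pass filter, leaving only the difference frequency, which moves when either source frequency moves. Assumptions: the tones are scaled down to 30 kHz and 31 kHz so the simulation is cheap, the square law stands in for the transistor nonlinearity, a moving average stands in for the audio equipment, and all function names are hypothetical.

```python
import math

FS = 400_000   # sample rate, Hz (constructed: tones are scaled down from the GHz range)
N = 4_000      # 10 ms window -> 100 Hz bins, so every tone used here is bin-aligned
TAPS = 20      # moving-average length, a stand-in for audio-band filtering

def linear_mix(f1, f2, n=N):
    """Two unit sine tones summed on a purely linear path (no product term)."""
    return [math.sin(2 * math.pi * f1 * i / FS) + math.sin(2 * math.pi * f2 * i / FS)
            for i in range(n)]

def square_law_mix(f1, f2, n=N):
    """Same sum through a square-law stage: a^2 + 2ab + b^2, where 2ab is the product."""
    return [s * s for s in linear_mix(f1, f2, n)]

def low_pass(samples, taps=TAPS):
    """Moving average that returns only fully overlapped outputs (no start-up transient)."""
    acc = sum(samples[:taps])
    out = [acc / taps]
    for i in range(taps, len(samples)):
        acc += samples[i] - samples[i - taps]
        out.append(acc / taps)
    return out

def amplitude(samples, freq):
    """Goertzel estimate of the amplitude of the spectral component at freq (Hz)."""
    n = len(samples)
    coeff = 2 * math.cos(2 * math.pi * round(freq * n / FS) / n)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return 2 * math.sqrt(max(s1 * s1 + s2 * s2 - coeff * s1 * s2, 0.0)) / n

def strongest_audio_tone(samples, lo=100, hi=5_000, step=100):
    """Frequency in [lo, hi] Hz that carries the largest component."""
    return max(range(lo, hi + 1, step), key=lambda f: amplitude(samples, f))

def heard(f1, f2):
    """What survives the low-pass after square-law mixing of f1 and f2."""
    return low_pass(square_law_mix(f1, f2, N + TAPS - 1))

if __name__ == "__main__":
    for f2 in (31_000, 31_200):   # a 200 Hz shift in one source moves the audible tone
        audio = heard(30_000, f2)
        print(f2, strongest_audio_tone(audio), round(amplitude(audio, 30_000 + f2), 3))
    print("linear path at 1 kHz:", round(amplitude(linear_mix(30_000, 31_000), 1_000), 6))
```

On the linear path the 1 kHz component is absent, which is why the nonlinearity matters: without the product term there is nothing in the audio band to record.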