Abstract

By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext. Actual systems are potentially at risk, including cryptographic tokens, network-based cryptosystems, and other applications where attackers can make reasonably accurate timing measurements. Techniques for preventing the attack for RSA and Diffie-Hellman are presented. Some cryptosystems will need to be revised to protect against the attack, and new protocols and algorithms may need to incorporate measures to prevent timing attacks.

Citations

2507	A method for obtaining digital signatures and public-key cryptosystems - Rivest, Shamir, et al.
356	Blind Signatures for Untraceable Payments - Chaum - 1982
336	Modular multiplication without trial division - Montgomery
234	New directions in cryptography - e, Hellman - 1976
133	Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish - Schneier - 1993
114	On the Design and Security of Block Ciphers - Lai - 1992
4	A software-optimized encryption algorithm", revised version - Rogaway, Coppersmith
2	The RC5 Encryption Algorithm," Fast Software Encryption - Rivest - 1994
2	RSAREF: A Cryptographic Toolkit," version 2.0 - Laboratories - 1994