“Make sure DSA signing exponentiations really are constant-time”

Authors

César Pereida García, Billy Bob Brumley and Yuval Yarom

Aalto University
Finland

Tampere University of Technology

University of Adelaide

Data61
CSIRO

Abstract

TLS and SSH are two of the most commonly used protocols for securing Internet traffic. Many of the implementations of these protocols rely on the cryptographic primitives provided in the OpenSSL library. In this work we disclose a vulnerability in OpenSSL, affecting all versions and forks (e.g. LibreSSL and BoringSSL) since roughly October 2005, which renders the implementation of the DSA signature scheme vulnerable to cache-based side-channel attacks. Exploiting the software defect, we demonstrate the first published cache-based key-recovery attack on these protocols.

BibTeX Entry

  @inproceedings{PereidaGarca_Yarom_16,
    author           = {Pereida García, César and Brumley, Billy Bob and Yarom, Yuval},
    month            = oct,
    year             = {2016},
    keywords         = {applied cryptography; digital signatures; side-channel analysis; timing attacks; cache-timing
                        attacks; dsa; openssl},
    title            = {“{M}ake Sure {DSA} Signing Exponentiations Really are Constant-Time”},
    booktitle        = {ACM Conference on Computer and Communications Security},
    pages            = {1639-1650},
    address          = {Vienna, Austria}
  }