RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

Post on 20-Aug-2015


Intro

Acoustic side-channel cryptanalysis

Dušan Klinec

Faculty of Informatics, Masaryk University

Brno

13. 3. 2014

Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 1 / 36


Source paper

RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis
Daniel Genkin, Technion and Tel Aviv University; Adi Shamir, Weizmann Institute of Science; Eran Tromer, Tel Aviv University


Source of the sound

What is it about

Extracts the RSA private key by observing the acoustic side-channel leak during decryption.


Acoustic, really?

Why does a modern PC emit audible noise?


Capacitor noise

High-pitched audible noise - capacitor is culprit #1.


Capacitor noise - why?

Piezoelectric effect: the internal generation of a mechanical strain resulting from an applied electric field. Note: the effect is reversible; the inverse direction is not of interest here.

[Figure: perovskite unit cell (Pb²⁺, Ti⁴⁺/Zr⁴⁺, O²⁻) below and above the Curie temperature T_C, with polarization P.]


Capacitor noise - how exactly?

[Figure: multilayer ceramic capacitor cross-sections (L-T and L-W) before and after applying voltage; deformation of the L-W face with the metal terminal.]


Coil - culprit #2


Sound source

Dynamics of the pulse-width-modulation-based voltage regulator circuitry, which regulates the amount of energy supplied to the CPU. Best microphone placement: the fan exhaust vent or the Ethernet port.


Experiment setup

Lab grade setup

1.25 M samples per second, professional hardware.


Portable setup

200 k samples per second, 100 kHz bandwidth. The attack works up to 1 m (4 m with a parabolic microphone).


Mobile setup

48 k samples per second, low sensitivity, noisy; pushing the method to its limits. The attack works up to a distance of 30 cm.


Acoustic noise – multiple devices tested

(a) Asus N55SF (b) Dell Inspiron 7720 (c) HP ProBook 4530s

(d) HP Pavilion Sleekbook 15-b005ej (e) Samsung NP300V5A (f) Lenovo ThinkPad W530


Attack scenario

Attacking several GnuPG implementations. Goal: recovery of a 4096-bit private key.
Adaptive chosen-ciphertext attack: recovers the private key bit by bit, so it requires observing at least 2048 decryptions (n = pq, and q has 2048 bits).
Attack vector: Enigmail, the Thunderbird GPG plugin, automatically decrypts incoming messages.


Correlation of acoustic noise with executed code


Correlation of acoustic noise with code length


RSA implementation in GPG

$n = pq$, where $n$ is the public modulus and $p, q$ are the private primes.
$e$ is the public exponent, $d$ the secret private exponent, with $ed \equiv 1 \pmod{\varphi(n)}$.
Plain RSA decryption: $m = c^d \bmod n$.
CRT optimization (about 4 times faster):

$d_p = d \bmod (p - 1)$, $d_q = d \bmod (q - 1)$
$m_1 = c^{d_p} \bmod p$, $m_2 = c^{d_q} \bmod q$
$m$ = combine $m_1$ and $m_2$ using the CRT

Thus two modular exponentiations; the attack targets the second one (modulo $q$). The signal has stabilized after the first exponentiation, which gives a better SNR.


Attack 1 - Key distinguishability

Five GnuPG RSA signatures executed on a Lenovo ThinkPad T61. The transitions between p and q are marked with yellow arrows.


Attack 2 - Key extraction

Determines the secret factor $q$ one bit at a time, from MSB to LSB.
Notation: $q_i$ is the $i$-th bit of $q$, with $q_{2048}$ the MSB and $q_1$ the LSB.
Incremental: assumes the bits $q_{2048}, \ldots, q_{i+1}$ have already been recovered and tests a hypothesis about $q_i$.
Exploits the different control flow that occurs for different ciphertexts, targeting multiplication optimizations (multiplication by zero vs. multiplication by a random number).
Notation: $A = \underbrace{00\ldots0}_{32\,\mathrm{bit}}, \underbrace{00\ldots0}_{32\,\mathrm{bit}}, \ldots, \underbrace{00\ldots0}_{32\,\mathrm{bit}}$, an array of 32-bit limbs.


Adaptive chosen cipher text attack

The ciphertext is passed directly to the modular exponentiation algorithm.
Specially crafted ciphertext:
$g_{i,0} = \underbrace{q_{2048}, q_{2047}, \ldots, q_{i+1}}_{\text{topmost bits recovered}}, 0, \underbrace{1, 1, \ldots, 1}_{\text{rest are ones}}$

Leakage: modular reduction (mod $q$):
a) let $q_i = 1$:
$q = q_{2048}, q_{2047}, \ldots, q_{i+1}, 1, q_{i-1}, q_{i-2}, \ldots, q_1$
$g_{i,0} = q_{2048}, q_{2047}, \ldots, q_{i+1}, 0, 1, 1, \ldots, 1$
$g_{i,0} < q \Rightarrow g_{i,0} \bmod q = g_{i,0}$, which preserves the pattern of $g_{i,0}$.


b) let $q_i = 0$:
$q = q_{2048}, q_{2047}, \ldots, q_{i+1}, 0, q_{i-1}, q_{i-2}, \ldots, q_1$
$g_{i,0} = q_{2048}, q_{2047}, \ldots, q_{i+1}, 0, 1, 1, \ldots, 1$
$g_{i,0} \ge q \Rightarrow g_{i,0} \bmod q = g_{i,0} - q$, an $(i-1)$-bit random-looking number (the bitwise complement of the low $i-1$ bits of $q$).


Summary of the leakage from the modular reduction (mod $q$):
If $q_i = 1 \Rightarrow g_{i,0} < q \Rightarrow g_{i,0} \bmod q = g_{i,0}$, which preserves the pattern of $g_{i,0}$ (a long run of ones).
If $q_i = 0 \Rightarrow g_{i,0} \ge q \Rightarrow g_{i,0} \bmod q = g_{i,0} - q$, an $(i-1)$-bit random-looking number.
The value that enters the modular exponentiation therefore depends on the unknown bit $q_i$.


Modular exponentiation


Source of side-channel leakage


Karatsuba

Recursive algorithm for fast integer multiplication in $\Theta(n^{\log_2 3})$. Faster than the schoolbook algorithm (for suitably large integers). Based on the following identity, where $u = u_H \,|\, u_L$ and $v = v_H \,|\, v_L$ are the concatenations of the high and low halves ($n$ bits each):

$uv = \underbrace{(2^{2n} + 2^n)\, u_H v_H}_{\text{1st mult.}} \;-\; \underbrace{2^n (u_H - u_L)(v_H - v_L)}_{\text{2nd mult.}} \;+\; \underbrace{(2^n + 1)\, u_L v_L}_{\text{3rd mult.}}$, where the factor $v_H - v_L$ will be almost zero.

The ciphertext $c$ is passed to Karatsuba as the second parameter. The special form of the ciphertext causes the marked factor to be (almost) zero. The recursion invokes Karatsuba$(u_H - u_L,\; v_H - v_L)$, which leads to multiplication by zero.


$uv = \underbrace{(2^{2n} + 2^n)\, u_H v_H}_{\text{1st mult., } h} \;-\; \underbrace{2^n (u_H - u_L)(v_H - v_L)}_{\text{2nd mult., } t} \;+\; \underbrace{(2^n + 1)\, u_L v_L}_{\text{3rd mult., } l}$, where $v_H - v_L$ will be almost zero.

[Figure: Karatsuba recursive expansion tree with branches h, t, l.]

If $q_i = 1 \Rightarrow c = q_{2048}, q_{2047}, \ldots, q_{i+1}, 0, 1, 1, \ldots, 1 \Rightarrow$ many zero limbs in the second multiplication argument.
If $q_i = 0 \Rightarrow c$ is a random-looking number.


Source of side-channel leakage

The computation is very fast (GHz) while the acoustic channel is narrow (kHz), so the attack would not work without amplification. The leaking function is invoked many times during one decryption, 7 × 12 × 2048 = 172032 times. That many invocations create a detectable pattern (random vs. zero limbs) in the acoustic spectrum.

[Figure: Karatsuba recursive expansion.]
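To make the mechanism of the key-extraction slides concrete (the crafted ciphertexts g_{i,0}, the reduction mod q, and the zero limbs that Karatsuba produces from a run of ones), here is an added Python model. It is not code from the paper or from GnuPG. It builds g_{i,0}, reduces it modulo q as the exponentiation does, multiplies with a Karatsuba routine that mirrors the high/low split on the slides and counts zero limbs in the second operand of every base-case multiplication, and uses that count in place of the acoustic measurement to recover the top bits of a toy 128-bit q. The 16-bit limb width, the Miller-Rabin-generated toy prime, the stand-in exponent d_q, the threshold of 8 zero limbs and treating the zero-limb count as a noiseless measurement are assumptions of the example, not facts from the slides.

```python
"""Toy model of the RSA-CRT leakage behind the acoustic attack: adaptive chosen
ciphertexts g_{i,0}, the reduction mod q, and Karatsuba's zero-limb amplification.
Added example, not code from the paper or GnuPG. The 16-bit limb width, the
decision threshold, the constructed key material and the use of a noiseless
zero-limb count as the 'measurement' are simplifying assumptions."""
import random

LIMB = 16                        # toy limb width; the slides assume 32-bit limbs
MASK = (1 << LIMB) - 1

def limbs(x):
    """Normalized limb count of x, like the size field of a GnuPG mpi."""
    return max(1, (x.bit_length() + LIMB - 1) // LIMB)

def karatsuba(u, v, n, stats):
    """u*v, splitting the n-limb second operand v the way mul_karatsuba_case does.
    stats['zero_limbs'] counts zero limbs of v at every base-case multiplication,
    the quantity whose variation the acoustic channel picks up."""
    if n % 2:                    # base case: 1 limb (odd sizes simplified to schoolbook)
        stats["zero_limbs"] += sum(((v >> (LIMB * k)) & MASK) == 0 for k in range(n))
        return u * v
    shift = LIMB * (n // 2)
    u_h, u_l = u >> shift, u & ((1 << shift) - 1)
    v_h, v_l = v >> shift, v & ((1 << shift) - 1)
    hh = karatsuba(u_h, v_h, n // 2, stats)
    ll = karatsuba(u_l, v_l, n // 2, stats)
    # Middle term on the magnitudes |u_h - u_l| and |v_h - v_l|, sign kept aside.
    # For v = (prefix of q), 0, 1, ..., 1 the halves of v are nearly equal, so
    # |v_h - v_l| is full of zero limbs: the part marked on the Karatsuba slide.
    mid = karatsuba(abs(u_h - u_l), abs(v_h - v_l), n // 2, stats)
    if (u_h >= u_l) != (v_h >= v_l):
        mid = -mid
    return (hh << (2 * shift)) + ((hh + ll - mid) << shift) + ll

def powm_leaky(c, d, q):
    """c^d mod q by square-and-multiply; returns (result, zero-limb count).
    GnuPG squares with a separate routine, so only the multiplications by the
    reduced base are instrumented."""
    stats = {"zero_limbs": 0}
    base = c % q                 # the reduction whose outcome depends on q_i
    acc = 1
    for bit in bin(d)[2:]:
        acc = acc * acc % q
        if bit == "1":
            acc = karatsuba(acc, base, limbs(base), stats) % q
    return acc, stats["zero_limbs"]

def crafted_ciphertext(known_top_bits, i):
    """g_{i,0}: the recovered top bits of q, a 0 at bit i, then i-1 ones (q_1 = LSB)."""
    prefix = int("".join(map(str, known_top_bits)) or "0", 2)
    return (prefix << i) | ((1 << (i - 1)) - 1)

def recover_top_bits(q_bits, n_bits, leak, threshold=8):
    """Adaptive attack: one decryption per bit, MSB first. Many zero limbs means
    g_{i,0} < q, i.e. q_i = 1 (template T1); few means q_i = 0 (template T0)."""
    known = []
    for i in range(q_bits, q_bits - n_bits, -1):
        known.append(1 if leak(crafted_ciphertext(known, i)) > threshold else 0)
    return known

def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin; used only to construct the toy secret prime."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

# Constructed toy secret: a random-looking 128-bit prime q and a stand-in for d_q.
_rng = random.Random(2014)
Q = _rng.getrandbits(128) | (1 << 127) | 1
while not is_probable_prime(Q, _rng):
    Q += 2
D_Q = _rng.getrandbits(128) % (Q - 1)

def attack_demo(n_bits=96):
    """Recover the top n_bits of Q through the leak alone; returns (success, bits).
    With 16-bit limbs the lowest zero limb needs at least 32 ones below bit i, so
    this toy stops at i = 33; the paper's adaptive templates carry on further."""
    bits = recover_top_bits(Q.bit_length(), n_bits, lambda c: powm_leaky(c, D_Q, Q)[1])
    top = Q.bit_length() - 1
    truth = [(Q >> k) & 1 for k in range(top, top - n_bits, -1)]
    return bits == truth, bits

if __name__ == "__main__":
    ok, bits = attack_demo()
    print("top 96 bits of q recovered:", ok, "".join(map(str, bits)))
```

The only thing the "attacker" in this model sees per decryption is one integer, the zero-limb count; that is what makes the bit decision binary. Swapping the count for a random operand (a real, unstructured ciphertext) gives a count near zero, which is the q_i = 0 template, while a crafted g_{i,0} with q_i = 1 yields at least one zero limb per multiplication by the base.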


Source of side-channel leakage

[Figure: (a) attacking a 0 bit, (b) attacking a 1 bit; (c) frequency spectra of the second modular exponentiation, 34–39 kHz, power in nanovolts, for an attacked bit of 1 vs. an attacked bit of 0.]


Attack technicalities

The more bits are recovered, the closer together the frequency peaks in the spectrum become. The analysis gets more complicated, but the core idea still holds. Frequency spectrum for 2048-bit ciphertexts with various numbers of zero limbs:

[Figure: spectrogram, frequency 35–39 kHz vs. number of zero limbs (0–250000) in the second operand of MUL_BASECASE.]


Attack preview

[Figure: power (dB, −300 to −160) vs. frequency (35–39 kHz): template for a one bit, template for a zero bit, and the measured spectrum of a zero bit.]


Attack scheme

1. Obtain the acoustic trace of the second modular exponentiation. Obtain the templates $T^0$, $T^1$.
2. Compute the frequency spectrum $s$ of the trace (sliding-window FFT, median binning).
3. Peak smoothing (noise removal).
4. Normalization (remove the microphone's frequency pattern).
5. Compute the distance of $s$ from the templates $T^0$ and $T^1$, allowing some shift (frequency left/right).
6. Classification.
7. Template update: create new templates $T^0$, $T^1$ for the next bit.


If the attack misclassifies some $q_i$, use backtracking. The error is detectable: once the assumed prefix is wrong, every later $g_{j,0}$ falls on the same side of $q$, so the next bits all come out the same (e.g. all ones).
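The per-bit steps of the attack scheme, as an added example on constructed synthetic spectra (not the paper's code): two initial templates, a median-smoothed and normalized spectrum per bit, a shift-tolerant distance, nearest-template classification and a template update, run over a constructed bit sequence whose 0 and 1 peaks drift toward each other as the slides describe. The bin count, peak shape, noise level, microphone pattern and drift rate are assumptions; the FFT of step 2 is assumed already done, so the input is a spectrum.

```python
"""Toy version of the per-bit classification pipeline from the 'Attack scheme'
slides: spectrum -> smoothing -> normalization -> shift-tolerant template
distance -> classification -> template update. Added example on constructed
synthetic spectra, not the paper's code; the bin count, peak shape, noise level,
microphone pattern and drift of the peaks are assumptions."""
import math
import random
import statistics

BINS = 64                                              # bins across the leaking band
MIC_RESPONSE = [1.0 + 0.01 * b for b in range(BINS)]   # constructed microphone pattern

def synthetic_spectrum(peak_bin, rng, noise=0.3):
    """Constructed 'measurement': a spectral peak plus noise, shaped by the mic."""
    return [(math.exp(-((b - peak_bin) ** 2) / 8.0) + rng.gauss(0.0, noise)) * MIC_RESPONSE[b]
            for b in range(BINS)]

def smooth(s, width=3):
    """Step 3, peak smoothing: running median over `width` bins."""
    half = width // 2
    return [statistics.median(s[max(0, b - half):b + half + 1]) for b in range(len(s))]

def normalize(s):
    """Step 4: divide out the microphone response, then rescale to unit peak."""
    flat = [v / m for v, m in zip(s, MIC_RESPONSE)]
    peak = max(flat)
    return [v / peak for v in flat]

def shifted_distance(s, template, max_shift=2):
    """Step 5: smallest squared L2 distance over template shifts of up to max_shift bins."""
    best = math.inf
    for shift in range(-max_shift, max_shift + 1):
        d = 0.0
        for b in range(BINS):
            t = template[b - shift] if 0 <= b - shift < BINS else 0.0
            d += (s[b] - t) ** 2
        best = min(best, d)
    return best

def classify(s, t0, t1):
    """Step 6: nearest template wins; 1 if s is closer to T1 than to T0."""
    return 1 if shifted_distance(s, t1) < shifted_distance(s, t0) else 0

def update_template(template, s, alpha=0.3):
    """Step 7: pull the template toward the spectrum just classified."""
    return [(1 - alpha) * t + alpha * v for t, v in zip(template, s)]

def preprocess(raw):
    """Steps 3-4 on a raw spectrum (step 2, the FFT, is assumed already done)."""
    return normalize(smooth(raw))

def attack_pipeline(true_bits, rng, peak0=18.0, peak1=46.0, drift=0.2):
    """Run the per-bit loop. The peaks for 0 and 1 move closer together as more
    bits are recovered (as the 'Attack technicalities' slide notes), which is why
    the templates are re-estimated after every bit. Returns the classified bits."""
    t0 = preprocess(synthetic_spectrum(peak0, rng))   # step 1: initial templates T0, T1
    t1 = preprocess(synthetic_spectrum(peak1, rng))
    guesses = []
    for k, bit in enumerate(true_bits):
        p0, p1 = peak0 + drift * k, peak1 - drift * k
        s = preprocess(synthetic_spectrum(p1 if bit else p0, rng))   # this bit's trace
        guess = classify(s, t0, t1)
        guesses.append(guess)
        if guess:
            t1 = update_template(t1, s)
        else:
            t0 = update_template(t0, s)
    return guesses

def demo(n_bits=40, seed=1):
    """Classify a constructed random bit string; returns the fraction classified correctly."""
    rng = random.Random(seed)
    true_bits = [rng.getrandbits(1) for _ in range(n_bits)]
    guesses = attack_pipeline(true_bits, rng)
    return sum(g == b for g, b in zip(guesses, true_bits)) / n_bits

if __name__ == "__main__":
    print("fraction of bits classified correctly:", demo())
```

The shift tolerance in step 5 is what absorbs the slow drift of the peaks between one bit and the next; the template update then re-centres $T^0$ and $T^1$ so that the tolerance never has to cover the accumulated drift. A misclassified bit updates the wrong template, which is one reason the real attack needs the backtracking described above.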


Countermeasures

Artificial CPU load on another core: does not work. It shifts the leakage frequency from 35–38 kHz to 32–35 kHz, actually helping the attack.

Another side-channel fix (against CPU-cache attacks on the multiplication): the multiplication is performed regardless of the exponent bit $d_i$, doubling the number of multiplications, which helps the attack.

Ciphertext randomization (blinding): works. Let $r$ be a random 4096-bit number; compute $(r^e \cdot c)^d \cdot r^{-1} \bmod n = r^{ed} c^d r^{-1} \bmod n = c^d \bmod n$.

Modulus randomization: works. Let $t$ be a random medium-sized integer. Compute $m'_q = c^{d_q} \bmod (tq)$, then $m_q = m'_q \bmod q$.
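The two working countermeasures, as an added example (not GnuPG's code): a toy RSA-CRT decryption that records the operand entering the mod-q exponentiation, the same decryption with ciphertext blinding, and modulus randomization of the mod-q exponentiation. The toy key reuses two well-known 256-bit primes (the secp256k1 and P-256 group orders) in place of randomly generated RSA primes; that choice, the 32-bit limb width and the all-ones-limb count used to show the structure that g_{i,0} plants are assumptions of the example.

```python
"""The two working countermeasures from the slides, ciphertext blinding and
modulus randomization, on a toy RSA-CRT decryption. Added example, not GnuPG's
code. The toy key borrows two well-known 256-bit primes (the secp256k1 and P-256
group orders) instead of random RSA primes; that choice, the 32-bit limb width
and the all-ones-limb count used to expose the planted structure are assumptions."""
import math
import random

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 order
Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551  # P-256 order
N = P * Q
PHI = (P - 1) * (Q - 1)
E = next(e for e in (65537, 257, 17, 5, 3) if math.gcd(e, PHI) == 1)  # first usual e coprime to phi
D = pow(E, -1, PHI)
D_P, D_Q = D % (P - 1), D % (Q - 1)
Q_INV_P = pow(Q, -1, P)

def crt_combine(m1, m2):
    """Garner's recombination of m1 = m mod p and m2 = m mod q into m mod n."""
    return m2 + Q * ((Q_INV_P * (m1 - m2)) % P)

def decrypt_crt(c, trace):
    """Plain RSA-CRT decryption. `trace` records the operand that enters the
    mod-q exponentiation, which is what the acoustic attack distinguishes."""
    trace.append(c % Q)
    return crt_combine(pow(c, D_P, P), pow(c, D_Q, Q))

def decrypt_blinded(c, trace, rng):
    """Ciphertext randomization: decrypt r^e * c, then strip r. The exponentiation
    now sees r^e * c mod q, which the attacker cannot steer."""
    r = rng.randrange(2, N - 1)            # gcd(r, n) = 1 with overwhelming probability
    m_blind = decrypt_crt((pow(r, E, N) * c) % N, trace)
    return (m_blind * pow(r, -1, N)) % N

def exp_mod_q_randomized(c, rng):
    """Modulus randomization: c^dq mod (t*q) for a random medium-sized t, then mod q.
    The intermediate values of the exponentiation change from run to run."""
    t = rng.getrandbits(64) | 1
    return pow(c, D_Q, t * Q) % Q

def ones_limbs(x, width=32):
    """Count all-ones limbs: the structure g_{i,0} plants in the operand."""
    mask = (1 << width) - 1
    return sum(((x >> (width * k)) & mask) == mask for k in range(x.bit_length() // width))

def crafted_g(i):
    """g_{i,0} for this Q: Q's bits above bit i, a 0 at bit i, then i-1 ones."""
    return ((Q >> i) << i) | ((1 << (i - 1)) - 1)

def demo(i=230, seed=1):
    """Decrypt g_{i,0} both ways and report what the mod-q exponentiation saw."""
    rng = random.Random(seed)
    g = crafted_g(i)
    plain, blinded = [], []
    m_plain = decrypt_crt(g, plain)
    m_blind = decrypt_blinded(g, blinded, rng)
    return {
        "both_correct": m_plain == m_blind == pow(g, D, N),
        "ones_limbs_plain": ones_limbs(plain[0]),       # g < q here, so g survives verbatim
        "ones_limbs_blinded": ones_limbs(blinded[0]),   # random-looking operand instead
        "modulus_randomization_ok": exp_mod_q_randomized(g, rng) == pow(g, D_Q, Q),
    }

if __name__ == "__main__":
    print(demo())
```

For i = 230 the bit $q_{230}$ of this Q is 1, so the unblinded decryption reduces g_{i,0} to itself and the exponentiation operand keeps seven all-ones 32-bit limbs; after blinding the operand is $r^e g \bmod q$, which carries no such structure and changes with every decryption, so the attacker's hypothesis test has nothing to measure. The "does not work" items on the slide need no code: adding CPU load and making every exponent step multiply change the leak's frequency or volume, not its dependence on $q_i$.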


Conclusions

The attack is realistic: within one hour it recovers a 4096-bit private key.
Attack: a mobile phone placed near the laptop performs the attack, generating ciphertexts on the fly.
Attack: a hidden microphone in the docking station or in the table.
Attack: self-spying (malware on the PC, using the PC's own microphone).


Questions?


References & sources

https://www.cs.tau.ac.il/~tromer/acoustic/

https://68kmla.org/forums/viewtopic.php?f=10&t=13101

https://eeepitnl.tksc.jaxa.jp/mews/jp/26th/data/2_12_4.pdf

http://www.bjorn3d.com/2013/09/asus-gtx-780-directcu-ii-oc/

http://img.techpowerup.org/120520/vrm.jpg

https://en.wikipedia.org/wiki/Piezoelectricity

Disclaimer: The images are not my own; some of them may be from an unknown source. Apologies for not referencing them correctly.
