Cryptanalysis of Di e - Hellman , RSA , DSS , and Other Systems Using Timing Attacks

Cryptosystems often take slightly di erent amounts of time to process di erent messages. With network-based cryptosystems, cryptographic tokens, and many other applications, attackers can measure the amount of time used to complete cryptographic operations. This abstract shows that timing channels can, and often do, leak key material. The attacks are particularly alarming because they often require only known ciphertext, work even if timing measurements are somewhat inaccurate, are computationally easy, and are di cult to detect. This preliminary draft outlines attacks that can nd secret exponents in Di e-Hellman key exchange, factor RSA keys, and nd DSS secret parameters. Other symmetric and asymmetric cryptographic functions are also at risk. A complete description of the attack will be presented in a full paper, to be released later. I conclude by noting that closing timing channels is often more di cult than might be expected.