Timing Attacks due to Branch Predictions: A Presentation Tutorial

In this project, I aim to give a presentation based on Chapter 9 of the book TimingChannels in Cryptography [1]. In this presentation, I will cover the author’s understand-ing and viewpoint on Timing attacks based on Branch Predictions. This will mostly dealwith trying to crack RSA exponentiation, and will cover explaining various algorithmswhere branching plays a large role like Square and Multiply, Montgomery PoweringLadder and Montgomery Multiplication. The core idea that is leveraged in trying todesign these attacks deals with branch mispredictions, and how they cost CPU time, aspipelined processors need to flush previously fetched instructions if a branch mispredic-tion occurs. This time differential is exploited by attackers in order to learn valuableinformation about the secret exponent d.The tutorial will cover general timing attacks as well as both asynchronous and syn-chronous attacks on the Square and Multiply algorithm based on Montgomery multi-plication. We will also explore trace driven attacks targeting the Branch Target Buffer(BTB) and how they actually work.Additionally, we will also look at some obvious ways of mitigating timing attacks ingeneral, focusing on constant and random time implementations that cannot exploit thetiming variations caused by branch predictions. References[1] C. Rebeiro, D. Mukhopadhyay, and S. Bhattacharya, Timing Channels in Cryptog-raphy. Springer, 2015.