RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis, Acoustic side-channel cryptanalysis. Recovering RSA GPG private key using hardware acoustic emanations.

1. Intro
Acoustic side-channel cryptanalysis
Dušan Klinec
Faculty of Informatics
Masaryk university
Brno
13. 3. 2014
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 1 / 36

2. Intro
Source paper
RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis
Daniel Genkin, Technion and Tel Aviv University;
Adi Shamir, Weizmann Institute of Science;
Eran Tromer, Tel Aviv University
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 2 / 36

3. Source of the sound
What is it about
Extracts RSA private key by
observing acoustic side-channel leak
during decryption.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 3 / 36

4. Source of the sound
Acoustic, really?
Why does modern PC emit audible
noise?
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 4 / 36

5. Source of the sound
Capacitor noise
High-pitched audible noise - capacitor is culprit #1.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 5 / 36

6. Source of the sound
Capacitor noise - why?
Piezoelectric effect.
The internal generation of a mechanical strain resulting from an
applied electrical field.
Note: Reversible, not interested in inverse right now.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 6 / 36

7. Source of the sound
Capacitor noise - why?
Piezoelectric effect.
The internal generation of a mechanical strain resulting from an
applied electrical field.
Note: Reversible, not interested in inverse right now.
Ti , Zr2+
Pb 4+
T < T
4+2–
O
P
C
T > TC
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 6 / 36

8. Source of the sound
Capacitor noise - how exactly?
L-T L-W
Before
applying
voltage
After
applying
voltage
LW with metal
terminal
The large portion of
modification
is made into Free.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 7 / 36

9. Source of the sound
Capacitor noise - how exactly?
L-T L-W
Before
applying
voltage
After
applying
voltage
LW with metal
terminal
The large portion of
modification
is made into Free.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 7 / 36

10. Source of the sound
Coil - culprit #2
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 8 / 36

11. Source of the sound
Coil - culprit #2
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 8 / 36

12. Source of the sound
Sound source
Dynamics of the pulse-width-modulation-based voltage regulator
circuitry.
Regulates emount of energy for CPU.
Best mic mounting: fan exhaust, ethernet port.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 9 / 36

13. Experiment setup
Lab grade setup
1.25M saples per second, professional HW
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 10 / 36

14. Experiment setup
Portable setup
200k saples per second, 100kHz resolution.
Attack works up to 1 m, (4 m with parabolic mic).
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 11 / 36

15. Experiment setup
Mobile setup
48k saples per second, low sensitivity, noise, pushing to the limits.
attack works up to the 30 cm distance.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 12 / 36

16. Experiment setup
Acoustic noise – multiple devices tested
(a) Asus N55SF (b) Dell Inspiron 7720 (c) HP ProBook 4530s
(d) HP Pavilion Sleek book 15-b005ej (e) Samsung NP300V5A (f) Lenovo ThinkPad W530
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 13 / 36

17. Experiment setup
Attack scenario
Attacking several GnuPG implementations.
Goal: recovery of a 4096 bit private key.
Adaptive chosen cipher text attack.
Recovers priv. key bit-by-bit. Requires to observe at least 2048
decryptions (n = pq).
Attack vector: Enigmail - Thunderbird GPG plugin, automatically
decrypts incoming message.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 14 / 36

18. Experiment setup
Attack scenario
Attacking several GnuPG implementations.
Goal: recovery of a 4096 bit private key.
Adaptive chosen cipher text attack.
Recovers priv. key bit-by-bit. Requires to observe at least 2048
decryptions (n = pq).
Attack vector: Enigmail - Thunderbird GPG plugin, automatically
decrypts incoming message.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 14 / 36

19. Experiment setup
Attack scenario
Attacking several GnuPG implementations.
Goal: recovery of a 4096 bit private key.
Adaptive chosen cipher text attack.
Recovers priv. key bit-by-bit. Requires to observe at least 2048
decryptions (n = pq).
Attack vector: Enigmail - Thunderbird GPG plugin, automatically
decrypts incoming message.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 14 / 36

20. Experiment setup
Attack scenario
Attacking several GnuPG implementations.
Goal: recovery of a 4096 bit private key.
Adaptive chosen cipher text attack.
Recovers priv. key bit-by-bit. Requires to observe at least 2048
decryptions (n = pq).
Attack vector: Enigmail - Thunderbird GPG plugin, automatically
decrypts incoming message.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 14 / 36

21. Experiment setup
Attack scenario
Attacking several GnuPG implementations.
Goal: recovery of a 4096 bit private key.
Adaptive chosen cipher text attack.
Recovers priv. key bit-by-bit. Requires to observe at least 2048
decryptions (n = pq).
Attack vector: Enigmail - Thunderbird GPG plugin, automatically
decrypts incoming message.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 14 / 36

22. Experiment setup
Corelation of acoustic noise with executed code
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 15 / 36

23. Experiment setup
Corelation of acoustic noise with code length
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 16 / 36

24. Experiment setup
RSA implementation in GPG
n = pq where n is public modulus, p, q private prime numbers.
e public, d secret private exponent, ed ≡ 1 (mod ϕ(n))
Normal RSA decryption: m = cd (mod n)
Optimization (by factor of 4):
dp = d (mod (p − 1))
dq = d (mod (q − 1))
m1 = cdp
(mod p)
m2 = cdq
(mod q)
m = combine m1 and m2 using CRT
Thus 2 modular exponentiations, attacking 2nd prime.
Signal is somehow stabilized after first one, better SNR.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 17 / 36

25. Experiment setup
RSA implementation in GPG
n = pq where n is public modulus, p, q private prime numbers.
e public, d secret private exponent, ed ≡ 1 (mod ϕ(n))
Normal RSA decryption: m = cd (mod n)
Optimization (by factor of 4):
dp = d (mod (p − 1))
dq = d (mod (q − 1))
m1 = cdp
(mod p)
m2 = cdq
(mod q)
m = combine m1 and m2 using CRT
Thus 2 modular exponentiations, attacking 2nd prime.
Signal is somehow stabilized after first one, better SNR.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 17 / 36

26. Experiment setup
Attack 1 - Key distinguishability
5 GnuPG RSA signatures executed on a Lenovo ThinkPad T61.
The transitions between p, q marked with yellow arrows.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 18 / 36

27. Experiment setup
Attack 2 - Key extraction
Determines secret factor q, one bit at time, from MSB to LSB.
Notation: i-th bit qi of q, starting from MSB, (i = 2048).
Incremental: Assumes key bits b2048 . . . qi+1 recovered
Testing hypotheses about qi.
Attacking different control flow that occurs for different ciphertexts.
Targeting multiplication optimizations (multiplication by zero vs.
multiplication by a random number).
Notation: A = 00 . . . 0
32bit
, 00 . . . 0
32bit
, . . . , 00 . . . 0
32bit
, array of limbs.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 19 / 36

28. Experiment setup
Attack 2 - Key extraction
Determines secret factor q, one bit at time, from MSB to LSB.
Notation: i-th bit qi of q, starting from MSB, (i = 2048).
Incremental: Assumes key bits b2048 . . . qi+1 recovered
Testing hypotheses about qi.
Attacking different control flow that occurs for different ciphertexts.
Targeting multiplication optimizations (multiplication by zero vs.
multiplication by a random number).
Notation: A = 00 . . . 0
32bit
, 00 . . . 0
32bit
, . . . , 00 . . . 0
32bit
, array of limbs.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 19 / 36

29. Experiment setup
Attack 2 - Key extraction
Determines secret factor q, one bit at time, from MSB to LSB.
Notation: i-th bit qi of q, starting from MSB, (i = 2048).
Incremental: Assumes key bits b2048 . . . qi+1 recovered
Testing hypotheses about qi.
Attacking different control flow that occurs for different ciphertexts.
Targeting multiplication optimizations (multiplication by zero vs.
multiplication by a random number).
Notation: A = 00 . . . 0
32bit
, 00 . . . 0
32bit
, . . . , 00 . . . 0
32bit
, array of limbs.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 19 / 36

30. Experiment setup
Attack 2 - Key extraction
Determines secret factor q, one bit at time, from MSB to LSB.
Notation: i-th bit qi of q, starting from MSB, (i = 2048).
Incremental: Assumes key bits b2048 . . . qi+1 recovered
Testing hypotheses about qi.
Attacking different control flow that occurs for different ciphertexts.
Targeting multiplication optimizations (multiplication by zero vs.
multiplication by a random number).
Notation: A = 00 . . . 0
32bit
, 00 . . . 0
32bit
, . . . , 00 . . . 0
32bit
, array of limbs.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 19 / 36

31. Experiment setup
Attack 2 - Key extraction
Determines secret factor q, one bit at time, from MSB to LSB.
Notation: i-th bit qi of q, starting from MSB, (i = 2048).
Incremental: Assumes key bits b2048 . . . qi+1 recovered
Testing hypotheses about qi.
Attacking different control flow that occurs for different ciphertexts.
Targeting multiplication optimizations (multiplication by zero vs.
multiplication by a random number).
Notation: A = 00 . . . 0
32bit
, 00 . . . 0
32bit
, . . . , 00 . . . 0
32bit
, array of limbs.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 19 / 36

32. Experiment setup
Attack 2 - Key extraction
Determines secret factor q, one bit at time, from MSB to LSB.
Notation: i-th bit qi of q, starting from MSB, (i = 2048).
Incremental: Assumes key bits b2048 . . . qi+1 recovered
Testing hypotheses about qi.
Attacking different control flow that occurs for different ciphertexts.
Targeting multiplication optimizations (multiplication by zero vs.
multiplication by a random number).
Notation: A = 00 . . . 0
32bit
, 00 . . . 0
32bit
, . . . , 00 . . . 0
32bit
, array of limbs.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 19 / 36

33. Experiment setup
Attack 2 - Key extraction
Determines secret factor q, one bit at time, from MSB to LSB.
Notation: i-th bit qi of q, starting from MSB, (i = 2048).
Incremental: Assumes key bits b2048 . . . qi+1 recovered
Testing hypotheses about qi.
Attacking different control flow that occurs for different ciphertexts.
Targeting multiplication optimizations (multiplication by zero vs.
multiplication by a random number).
Notation: A = 00 . . . 0
32bit
, 00 . . . 0
32bit
, . . . , 00 . . . 0
32bit
, array of limbs.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 19 / 36

34. Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.
Specially crafted ciphertext:
gi,0 = q2048, q2047, . . . , qi−1
topmost bits recovered
, 0, 1, 1, . . . , 1
rest are ones
Leakage: modular reduction (mod q):
a) let qi = 1
q = q2048, q2047, . . . , qi−1, 1, qi−1,qi−2, . . . , q1
gi,0
= q2048, q2047, . . . , qi−1, 0, 1, 1, . . . , 1
gi,0 < q ⇒ gi,0 mod q = gi,0, preserves pattern of gi,0.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 20 / 36

35. Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.
Specially crafted ciphertext:
gi,0 = q2048, q2047, . . . , qi−1
topmost bits recovered
, 0, 1, 1, . . . , 1
rest are ones
Leakage: modular reduction (mod q):
a) let qi = 1
q = q2048, q2047, . . . , qi−1, 1, qi−1,qi−2, . . . , q1
gi,0
= q2048, q2047, . . . , qi−1, 0, 1, 1, . . . , 1
gi,0 < q ⇒ gi,0 mod q = gi,0, preserves pattern of gi,0.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 20 / 36

36. Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.
Specially crafted ciphertext:
gi,0 = q2048, q2047, . . . , qi−1
topmost bits recovered
, 0, 1, 1, . . . , 1
rest are ones
Leakage: modular reduction (mod q):
a) let qi = 1
q = q2048, q2047, . . . , qi−1, 1, qi−1,qi−2, . . . , q1
gi,0
= q2048, q2047, . . . , qi−1, 0, 1, 1, . . . , 1
gi,0 < q ⇒ gi,0 mod q = gi,0, preserves pattern of gi,0.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 20 / 36

37. Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.
Specially crafted ciphertext:
gi,0 = q2048, q2047, . . . , qi−1
topmost bits recovered
, 0, 1, 1, . . . , 1
rest are ones
Leakage: modular reduction (mod q):
a) let qi = 1
q = q2048, q2047, . . . , qi−1, 1, qi−1,qi−2, . . . , q1
gi,0
= q2048, q2047, . . . , qi−1, 0, 1, 1, . . . , 1
gi,0 < q ⇒ gi,0 mod q = gi,0, preserves pattern of gi,0.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 20 / 36

38. Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.
Specially crafted ciphertext:
gi,0 = q2048, q2047, . . . , qi−1
topmost bits recovered
, 0, 1, 1, . . . , 1
rest are ones
Leakage: modular reduction (mod q):
a) let qi = 1
q = q2048, q2047, . . . , qi−1, 1, qi−1,qi−2, . . . , q1
gi,0
= q2048, q2047, . . . , qi−1, 0, 1, 1, . . . , 1
gi,0 < q ⇒ gi,0 mod q = gi,0, preserves pattern of gi,0.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 20 / 36

39. Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.
Specially crafted ciphertext:
gi,0 = q2048, q2047, . . . , qi−1
topmost bits recovered
, 0, 1, 1, . . . , 1
rest are ones
Leakage: modular reduction (mod q):
a) let qi = 1
q = q2048, q2047, . . . , qi−1, 1, qi−1,qi−2, . . . , q1
gi,0
= q2048, q2047, . . . , qi−1, 0, 1, 1, . . . , 1
gi,0 < q ⇒ gi,0 mod q = gi,0, preserves pattern of gi,0.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 20 / 36

40. Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.
Specially crafted ciphertext:
gi,0 = q2048, q2047, . . . , qi−1
topmost bits recovered
, 0, 1, 1, . . . , 1
rest are ones
Leakage: modular reduction (mod q):
a) let qi = 1
q = q2048, q2047, . . . , qi−1, 1, qi−1,qi−2, . . . , q1
gi,0
= q2048, q2047, . . . , qi−1, 0, 1, 1, . . . , 1
gi,0 < q ⇒ gi,0 mod q = gi,0, preserves pattern of gi,0.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 20 / 36

41. Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.
Specially crafted ciphertext:
gi,0 = q2048, q2047, . . . , qi−1
topmost bits recovered
, 0, 1, 1, . . . , 1
rest are ones
Leakage: modular reduction (mod q):
b) let qi = 0
q = q2048, q2047, . . . , qi−1, 0, qi−1,qi−2, . . . , q1
gi,0
= q2048, q2047, . . . , qi−1, 0, 1, 1, . . . , 1
gi,0 ≥ q ⇒ gi,0 mod q = gi,0 − q, is a (i − 1)-bit random looking
number.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 21 / 36

42. Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.
Specially crafted ciphertext:
gi,0 = q2048, q2047, . . . , qi−1
topmost bits recovered
, 0, 1, 1, . . . , 1
rest are ones
Leakage: modular reduction (mod q):
b) let qi = 0
q = q2048, q2047, . . . , qi−1, 0, qi−1,qi−2, . . . , q1
gi,0
= q2048, q2047, . . . , qi−1, 0, 1, 1, . . . , 1
gi,0 ≥ q ⇒ gi,0 mod q = gi,0 − q, is a (i − 1)-bit random looking
number.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 21 / 36

43. Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.
Specially crafted ciphertext:
gi,0 = q2048, q2047, . . . , qi−1
topmost bits recovered
, 0, 1, 1, . . . , 1
rest are ones
Leakage: modular reduction (mod q):
b) let qi = 0
q = q2048, q2047, . . . , qi−1, 0, qi−1,qi−2, . . . , q1
gi,0
= q2048, q2047, . . . , qi−1, 0, 1, 1, . . . , 1
gi,0 ≥ q ⇒ gi,0 mod q = gi,0 − q, is a (i − 1)-bit random looking
number.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 21 / 36

44. Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.
Specially crafted ciphertext:
gi,0 = q2048, q2047, . . . , qi−1
topmost bits recovered
, 0, 1, 1, . . . , 1
rest are ones
Leakage: modular reduction (mod q):
b) let qi = 0
q = q2048, q2047, . . . , qi−1, 0, qi−1,qi−2, . . . , q1
gi,0
= q2048, q2047, . . . , qi−1, 0, 1, 1, . . . , 1
gi,0 ≥ q ⇒ gi,0 mod q = gi,0 − q, is a (i − 1)-bit random looking
number.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 21 / 36

45. Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.
Specially crafted ciphertext:
gi,0 = q2048, q2047, . . . , qi−1
topmost bits recovered
, 0, 1, 1, . . . , 1
rest are ones
Leakage: modular reduction (mod q):
b) let qi = 0
q = q2048, q2047, . . . , qi−1, 0, qi−1,qi−2, . . . , q1
gi,0
= q2048, q2047, . . . , qi−1, 0, 1, 1, . . . , 1
gi,0 ≥ q ⇒ gi,0 mod q = gi,0 − q, is a (i − 1)-bit random looking
number.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 21 / 36

46. Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.
Specially crafted ciphertext:
gi,0 = q2048, q2047, . . . , qi−1
topmost bits recovered
, 0, 1, 1, . . . , 1
rest are ones
Leakage: modular reduction (mod q):
b) let qi = 0
q = q2048, q2047, . . . , qi−1, 0, qi−1,qi−2, . . . , q1
gi,0
= q2048, q2047, . . . , qi−1, 0, 1, 1, . . . , 1
gi,0 ≥ q ⇒ gi,0 mod q = gi,0 − q, is a (i − 1)-bit random looking
number.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 21 / 36

47. Experiment setup
Adaptive chosen cipher text attack
Ciphertext passed directly to modular exponentiation algorithm.
Specially crafted ciphertext:
gi,0 = q2048, q2047, . . . , qi−1
topmost bits recovered
, 0, 1, 1, . . . , 1
rest are ones
Leakage: modular reduction (mod q):
If qi = 1 ⇒ gi,0 < q ⇒ gi,0 mod q = gi,0, preserves pattern of gi,0.
If qi = 0 ⇒ gi,0 ≥ q ⇒ gi,0 mod q = gi,0 − q, is a (i − 1)-bit
random looking number.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 22 / 36

48. Experiment setup
Modular exponentiation
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 23 / 36

49. Experiment setup
Source of side-channel leakage
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 24 / 36

50. Experiment setup
Karatsuba
Recursive algorithm for fast integer multiplication in Θ(nlog23).
Faster than schoolbook algorithm (for suitably larger integers).
Based on the following identity:
u = uH|uL concatenation of high & low part
v = vH|vL
uv =
1.mult
(22n
+ 2n
)uHvH +
2.mult
2n
(uH − uL)( vH − vL
will be almost zero
) +
3.mult
(2n
+ 1)vLuL
Ciphertext c is passed to Karatsuba as a second parameter.
Special form of the ciphertext causes marked part to be zero.
Recursion will invoke Karatsuba(uH − uL, vH − vL), leads to
multiplication by zero.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 25 / 36

51. Experiment setup
Karatsuba
Recursive algorithm for fast integer multiplication in Θ(nlog23).
Faster than schoolbook algorithm (for suitably larger integers).
Based on the following identity:
u = uH|uL concatenation of high & low part
v = vH|vL
uv =
1.mult
(22n
+ 2n
)uHvH +
2.mult
2n
(uH − uL)( vH − vL
will be almost zero
) +
3.mult
(2n
+ 1)vLuL
Ciphertext c is passed to Karatsuba as a second parameter.
Special form of the ciphertext causes marked part to be zero.
Recursion will invoke Karatsuba(uH − uL, vH − vL), leads to
multiplication by zero.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 25 / 36

52. Experiment setup
Karatsuba
uv =
1.mult,h
(22n
+ 2n
)uHvH +
2.mult,t
2n
(uH − uL)( vH − vL
will be almost zero
) +
3.mult,l
(2n
+ 1)vLuL
Karatsuba recursive expansion
If qi = 1 ⇒ c = q2048, q2047, . . . , qi−1, 0, 1, 1, . . . , 1 ⇒ many zero
limbs in 2nd mult. arg.
If qi = 0 ⇒ c random-looking number
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 26 / 36

53. Experiment setup
Karatsuba
uv =
1.mult,h
(22n
+ 2n
)uHvH +
2.mult,t
2n
(uH − uL)( vH − vL
will be almost zero
) +
3.mult,l
(2n
+ 1)vLuL
Karatsuba recursive expansion
If qi = 1 ⇒ c = q2048, q2047, . . . , qi−1, 0, 1, 1, . . . , 1 ⇒ many zero
limbs in 2nd mult. arg.
If qi = 0 ⇒ c random-looking number
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 26 / 36

54. Experiment setup
Source of side-channel leakage
Computation is very fast (GHz), acoustic channel is narrow (kHz).
Would not be able without amplification.
Side-channel leakage function is called multiple times during one
decryption, 7 × 12 × 2048 = 172032
Such number of invocations create detectable pattern (random vs.
zero bits) in accoustic spectrum.
Karatsuba recursive expansion
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 27 / 36

55. Experiment setup
Source of side-channel leakage
(a) attacking 0 bit (b) attacking 1 bit
0
0.5
1
1.5
2
2.5
3
3.5
4
4.5
34 35 36 37 38 39
Power(nanovolts)
Frequency (kHz)
Attacked bit is 1
Attacked bit is 0
(c) Frequency spectra of the second modular exponentiation
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 28 / 36

56. Experiment setup
Attack technicalities
More bits are recovered more closer frequency peaks in spectrum
are.
Analysis gets complicated, but the core idea still holds.
Frequency spectrum for ciphertexts of size 2048 bits with various
sizes of zero words:
0
50000
100000
150000
200000
250000
35 35.5 36 36.5 37 37.5 38 38.5 39
numberofzerolimbsinthesecondoperandofMUL_BASECASE
frequancy (kHz)
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 29 / 36

57. Experiment setup
Attack preview
-300
-280
-260
-240
-220
-200
-180
-160
35 35.5 36 36.5 37 37.5 38 38.5 39
Power(dB)
Frequency (kHz)
template for one bit
template for zero bit
specturm of zero bit
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 30 / 36

58. Experiment setup
Attack scheme
1 Obtains acoustic trace of the second modular exponentiation.
Obtain templates T0, T1.
2 Compute frequency spectrum s of the trace (sliding window FFT,
median binning).
3 Peak smoothing (noise removal).
4 Normalization (remove microphone pattern).
5 Compute distance of a s from template T0 and T1 allowing some
shift (freq. left,right).
6 Classification.
7 Template update. Create new templates T0, T1 for next bit.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 31 / 36

59. Experiment setup
Attack scheme
1 Obtains acoustic trace of the second modular exponentiation.
Obtain templates T0, T1.
2 Compute frequency spectrum s of the trace (sliding window FFT,
median binning).
3 Peak smoothing (noise removal).
4 Normalization (remove microphone pattern).
5 Compute distance of a s from template T0 and T1 allowing some
shift (freq. left,right).
6 Classification.
7 Template update. Create new templates T0, T1 for next bit.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 31 / 36

60. Experiment setup
Attack scheme
1 Obtains acoustic trace of the second modular exponentiation.
Obtain templates T0, T1.
2 Compute frequency spectrum s of the trace (sliding window FFT,
median binning).
3 Peak smoothing (noise removal).
4 Normalization (remove microphone pattern).
5 Compute distance of a s from template T0 and T1 allowing some
shift (freq. left,right).
6 Classification.
7 Template update. Create new templates T0, T1 for next bit.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 31 / 36

61. Experiment setup
Attack scheme
1 Obtains acoustic trace of the second modular exponentiation.
Obtain templates T0, T1.
2 Compute frequency spectrum s of the trace (sliding window FFT,
median binning).
3 Peak smoothing (noise removal).
4 Normalization (remove microphone pattern).
5 Compute distance of a s from template T0 and T1 allowing some
shift (freq. left,right).
6 Classification.
7 Template update. Create new templates T0, T1 for next bit.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 31 / 36

62. Experiment setup
Attack scheme
1 Obtains acoustic trace of the second modular exponentiation.
Obtain templates T0, T1.
2 Compute frequency spectrum s of the trace (sliding window FFT,
median binning).
3 Peak smoothing (noise removal).
4 Normalization (remove microphone pattern).
5 Compute distance of a s from template T0 and T1 allowing some
shift (freq. left,right).
6 Classification.
7 Template update. Create new templates T0, T1 for next bit.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 31 / 36

63. Experiment setup
Attack scheme
1 Obtains acoustic trace of the second modular exponentiation.
Obtain templates T0, T1.
2 Compute frequency spectrum s of the trace (sliding window FFT,
median binning).
3 Peak smoothing (noise removal).
4 Normalization (remove microphone pattern).
5 Compute distance of a s from template T0 and T1 allowing some
shift (freq. left,right).
6 Classification.
7 Template update. Create new templates T0, T1 for next bit.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 31 / 36

64. Experiment setup
Attack scheme
1 Obtains acoustic trace of the second modular exponentiation.
Obtain templates T0, T1.
2 Compute frequency spectrum s of the trace (sliding window FFT,
median binning).
3 Peak smoothing (noise removal).
4 Normalization (remove microphone pattern).
5 Compute distance of a s from template T0 and T1 allowing some
shift (freq. left,right).
6 Classification.
7 Template update. Create new templates T0, T1 for next bit.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 31 / 36

65. Experiment setup
Attack scheme
If attack misclassifies some qi, use backtracking.
Error is detected, next bits are still the same (e.g., ones).
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 32 / 36

66. Experiment setup
Countermeasures
Artificial CPU load on another core. Does not work. Reduces
leakage frequency 35 − 38 kHz to 32 − 35 kHZ actually helping
the attack.
Another side-channel fix (CPU cache, multiplication),
multiplication is performed regardless di, doubling number of
multiplications, helping the attack.
Ciphertext randomization. Works. Let r be random 4096 bit
number. (re × c)d × r−1 mod n = ced mod n
Modulus randomization. Works. Let t be random medium sized
integer. Compute mq = cdq mod (tq), then mq = mqmod q.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 33 / 36

67. Experiment setup
Countermeasures
Artificial CPU load on another core. Does not work. Reduces
leakage frequency 35 − 38 kHz to 32 − 35 kHZ actually helping
the attack.
Another side-channel fix (CPU cache, multiplication),
multiplication is performed regardless di, doubling number of
multiplications, helping the attack.
Ciphertext randomization. Works. Let r be random 4096 bit
number. (re × c)d × r−1 mod n = ced mod n
Modulus randomization. Works. Let t be random medium sized
integer. Compute mq = cdq mod (tq), then mq = mqmod q.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 33 / 36

68. Experiment setup
Countermeasures
Artificial CPU load on another core. Does not work. Reduces
leakage frequency 35 − 38 kHz to 32 − 35 kHZ actually helping
the attack.
Another side-channel fix (CPU cache, multiplication),
multiplication is performed regardless di, doubling number of
multiplications, helping the attack.
Ciphertext randomization. Works. Let r be random 4096 bit
number. (re × c)d × r−1 mod n = ced mod n
Modulus randomization. Works. Let t be random medium sized
integer. Compute mq = cdq mod (tq), then mq = mqmod q.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 33 / 36

69. Experiment setup
Countermeasures
Artificial CPU load on another core. Does not work. Reduces
leakage frequency 35 − 38 kHz to 32 − 35 kHZ actually helping
the attack.
Another side-channel fix (CPU cache, multiplication),
multiplication is performed regardless di, doubling number of
multiplications, helping the attack.
Ciphertext randomization. Works. Let r be random 4096 bit
number. (re × c)d × r−1 mod n = ced mod n
Modulus randomization. Works. Let t be random medium sized
integer. Compute mq = cdq mod (tq), then mq = mqmod q.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 33 / 36

70. Experiment setup
Conclusions
Attack is realistic.
Within one hour recovers 4096-bit private key.
Attack: Mobile phone near laptop, performing attack, generating
ciphertexts on the fly.
Attack: hidden microphone in docking station, in table.
Attack: self-spying (malware on the PC).
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 34 / 36

71. Experiment setup
Questions?
Questions?
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 35 / 36

72. Experiment setup
References & sources
https://www.cs.tau.ac.il/˜tromer/acoustic/
https://68kmla.org/forums/viewtopic.php?f=10&t=13101
https://eeepitnl.tksc.jaxa.jp/mews/jp/26th/data/2_12_4.pdf
http://www.bjorn3d.com/2013/09/asus-gtx-780-directcu-ii-oc/
http://img.techpowerup.org/120520/vrm.jpg
https://en.wikipedia.org/wiki/Piezoelectricity
Disclaimer: Images are not mine own, some of them may be from unknown
source. Appologies for not referencing them correctly.
Dušan Klinec (FI MUNI) Ph4r05 13. 3. 2014 36 / 36