Abstract

Constant-time techniques are crucial for preventing the secrets of cryptographic algorithms from leaking through cache attacks. In this paper, we propose Permute-Scatter-Gather, a novel constant-time method for the modular exponentiation used in the RSA cryptosystem. Building on the scatter-gather design, our method uses a pseudo-random permutation to obfuscate memory access patterns. This strategy ensures resistance against fine-grained cache attacks, i.e., it provides a higher level of security than the existing scatter-gather implementations. Evaluation shows that our method outperforms the OpenSSL library by up to 11% on mainstream Intel processors.

Highlights

  • Cache attacks, such as Prime+Probe [1,2,3,4] and Flush+Reload [5,6,7,8,9,10], exploit the usage of CPU cache as a side channel to infer secret information of victim applications

  • In a naive lookup-based implementation, multipliers are located in separate memory lines, so accessing them produces observable, unique access patterns, which makes the implementation susceptible to cache attacks

  • We propose Permute-Scatter-Gather, a novel constant-time method for the RSA modular exponentiation, which is resistant against fine-grained cache attacks


Summary

Introduction

Cache attacks, such as Prime+Probe [1,2,3,4] and Flush+Reload [5,6,7,8,9,10], exploit the usage of the CPU cache as a side channel to infer secret information of victim applications. The current implementation of the scatter-gather technique rests on the assumption that cache adversaries only observe the access pattern at the granularity of a cache line (i.e., 64 bytes) [19,20]. This assumption has been broken by more fine-grained cache attacks discovered recently. We propose Permute-Scatter-Gather, a novel constant-time method for the RSA modular exponentiation that is resistant against fine-grained cache attacks. Based on the scatter-gather design, our technique employs a pseudo-random permutation to locate the multipliers in a scattered memory layout. The permutation obfuscates the memory access pattern, preventing any adversary, even one mounting fine-grained cache attacks, from inferring the secret from its observations.
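To make the scatter-gather idea concrete, the following added example (written for this page, not code from the paper or from OpenSSL) interleaves the bytes of all window multipliers so that a gather reads every slot in a fixed order and selects the wanted one with a branch-free mask. The window size, multiplier length and the constructed permutation are assumptions; the permutation layer is only a simplified illustration of storing multipliers at permuted slots, not the paper's actual construction.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumed parameters, not taken from the paper: a 4-bit window gives
 * W = 16 precomputed multipliers of LEN bytes each. */
#define W   16
#define LEN 64

/* Branch-free equality mask: 0xFF when a == b, 0x00 otherwise. */
static uint8_t ct_eq_mask(uint64_t a, uint64_t b) {
    uint64_t x = a ^ b;                          /* zero iff a == b */
    return (uint8_t)-(uint8_t)((x - 1) >> 63);   /* borrow out iff x == 0 */
}

/* Scatter: multiplier j is stored in slot perm[j]; byte k of slot s goes to
 * table[k*W + s], so the k-th bytes of all W multipliers are interleaved
 * in the same memory region instead of living in W separate lines. */
static void scatter(uint8_t *table, const uint8_t *mult, const uint8_t perm[W]) {
    for (size_t j = 0; j < W; j++)
        for (size_t k = 0; k < LEN; k++)
            table[k * W + perm[j]] = mult[j * LEN + k];
}

/* Constant-time gather of logical index idx: every slot of every row and
 * every entry of inv (inv[s] = logical index held by slot s) is read in a
 * fixed order; only the mask value depends on the secret idx. */
static void gather_ct(uint8_t out[LEN], const uint8_t *table,
                      const uint8_t inv[W], size_t idx) {
    for (size_t k = 0; k < LEN; k++) {
        uint8_t acc = 0;
        for (size_t s = 0; s < W; s++)
            acc |= table[k * W + s] & ct_eq_mask(inv[s], idx);
        out[k] = acc;
    }
}

/* Round trip: scatter constructed multipliers under a constructed
 * permutation, gather index idx, return how many bytes match (LEN if ok). */
static int roundtrip_matches(size_t idx) {
    static const uint8_t perm[W] = {5,0,11,3,14,9,1,7,12,2,15,8,4,13,6,10};
    uint8_t inv[W], mult[W * LEN], table[W * LEN], out[LEN];
    for (size_t j = 0; j < W; j++) inv[perm[j]] = (uint8_t)j;
    for (size_t i = 0; i < W * LEN; i++) mult[i] = (uint8_t)(i * 37 + 1);
    scatter(table, mult, perm);
    gather_ct(out, table, inv, idx);
    int matches = 0;
    for (size_t k = 0; k < LEN; k++) matches += (out[k] == mult[idx * LEN + k]);
    return matches;
}
```

Whether this layout is actually constant-time on a given CPU also depends on the compiler not reintroducing branches and on W entries fitting the granularity the adversary can observe, which is exactly the assumption the paper revisits.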

Scatter-Gather Implementation
Fine-Grained Cache Attack
Constant-Time Gather Procedure
Threat Model
Overview and Design Goals
Implementation
Challenging Issue
Constant-Time Permutation
Resistance Against Fine-Grained Cache Attacks
Adaptability
Computational Efficiency
Conclusions