IACR News item: 26 November 2015
Thomas Allan, Billy Bob Brumley, Katrina Falkner, Joop van de Pol, Yuval Yarom
ePrint Report
Interference between processes executing on shared hardware can be used to mount performance-degradation attacks. However, in most cases, such attacks offer little benefit for the adversary. In this paper, we show that performance-degradation attacks can be used to amplify side-channel leaks, enabling the adversary to increase both the amount and the quality of information captured.
We describe a new microarchitectural performance-degradation attack that can slow victims down by a factor of over 150. We identify a new information leak in the OpenSSL implementation of the ECDSA digital signature algorithm. We show how to use the performance-degradation attack to amplify a side channel enough to enable exploiting the new information leak. Using the combined attack, an adversary can break a private key of the secp256k1 curve, used in the Bitcoin protocol, after observing only 6 signatures. This result is over four times better than any previously described attack.