International Association for Cryptologic Research

CryptoDB

David Kohlbrenner

Publications

Year  Venue  Title

2024  RWC    Hertzbleed: Claims of Constant-Time Execution Are Frequently Wrong
The recent Hertzbleed disclosure demonstrates how remote-timing analysis can reveal secret information previously only accessible to local-power analysis. At worst, this constitutes a fundamental break in the constant-time programming principles and the many deployed programs that rely on them. But all hope is not lost. Hertzbleed relies on a coarse-grained, noisy channel that is difficult to exploit. Indeed, the Hertzbleed paper required a bespoke cryptanalysis to attack a specific cryptosystem (SIKE). Thus, it remains unclear if Hertzbleed represents a threat to the broader security ecosystem. In this paper, we demonstrate that Hertzbleed's effects affect cryptosystems beyond SIKE. We demonstrate how latent gadgets in other cryptosystem implementations (specifically "constant-time" ECDSA and Classic McEliece) can be combined with existing cryptanalysis to bootstrap Hertzbleed attacks on those cryptosystems.
2024  RWC    GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers
Microarchitectural side-channel attacks have shaken the foundations of modern processor design. This talk will discuss the latest research on this topic.