Openssl ECDSA vulnerable to Flush-Reload cache attacks?

Openssl ECDSA vulnerable to Flush-Reload cache attacks?

Huzaifa Sidhpurwala
Hi All,

Wondering if openssl was contacted when the following paper was released:

http://eprint.iacr.org/2014/140.pdf

This seems similar to http://eprint.iacr.org/2013/448.pdf, which affected GPG software, was assigned a CVE id and was fixed by GPG upstream.

Regards,

Huzaifa
Re: Openssl ECDSA vulnerable to Flush-Reload cache attacks?

Billy Brumley
It does little good to fix that (GF(2**m) path) if they're not gonna fix this (GF(p) path) (which, after now 5 years, there is little hope of):

http://www.iacr.org/archive/asiacrypt2009/59120664/59120664.pdf

Of course I hope I'm proven wrong. (AFAIK some one-off solutions were picked up for certain curves, but nothing more.)

BBB

On Thu, Feb 27, 2014 at 10:16 PM, Huzaifa Sidhpurwala <[hidden email]> wrote:
> Hi All,
>
> Wondering if openssl was contacted when the following paper was released:
>
> http://eprint.iacr.org/2014/140.pdf
>
> This seems similar to http://eprint.iacr.org/2013/448.pdf, which affected GPG software, was assigned a CVE id and was fixed by GPG upstream.
>
> Regards,
>
> Huzaifa

Re: Openssl ECDSA vulnerable to Flush-Reload cache attacks?

Yuval Yarom
In reply to this post by Huzaifa Sidhpurwala
OpenSSL and CERT were notified in October 2013. About a month ago I emailed a patch to OpenSSL.

Yuval

Huzaifa Sidhpurwala wrote:
> Wondering if openssl was contacted when the following paper was released:
>
> http://eprint.iacr.org/2014/140.pdf