Campus Event Calendar

Event Entry

What and Who

Rational Protection Against Timing Attacks

Boris Köpf
IMDEA Software Institute Madrid

I joined the IMDEA Software Institute after completing my Ph.D. in the Information Security group of ETH Zurich and working as a postdoc in the Information Security and Cryptography Group of the Max Planck Institute for Software Systems. Before that, I studied mathematics at the Universidad de Chile, the Universidade Federal de Campinas, and the University of Konstanz, from which I received an M.Sc.
AG 1, AG 2, AG 3, AG 4, AG 5, SWS, RG1, MMCI
Public Audience

Date, Time and Location

Thursday, 30 April 2015
60 Minutes
E1 5


Timing attacks can effectively recover keys from cryptosystems. While they can be defeated using constant-time implementations, this defensive approach comes at the price of a performance penalty. One is hence faced with the problem of striking a balance between performance and security against timing attacks.

This talk presents a game-theoretic approach to the problem, for the case of cryptosystems based on discrete logarithms. Namely, we identify the optimal countermeasure configuration as an equilibrium in a game between a resource-bounded timing adversary who strives to maximize the probability of key recovery, and a defender who strives to reduce the cost while maintaining a certain degree of security. The key novelty in our approach is a set of bounds on the probability of key recovery, expressed as a function of the countermeasure configuration and the attack strategy of the adversary.

We put our techniques to work for a library implementation of ElGamal. A highlight of our results is that we can formally justify the use of an aggressively tuned but (slightly) leaky implementation over a defensive constant-time implementation, for some parameter ranges. The talk concludes with an outlook on how similar analyses can be performed automatically and for more general classes of systems.


Sabine Nermerich

Sabine Nermerich, 04/23/2015 12:25 -- Created document.