The FLUSH+RELOAD attack was recently proposed as a new type of cache timing attack. Three factors are essential to this attack: the monitored instructions, the threshold, and the waiting interval. However, the existing literature seldom explores how and why they affect the system. This paper studies the impact of these three parameters and how to choose optimal values for them. Complete rules for choosing the monitored instructions, based on a necessary and sufficient condition, are proposed. A method for selecting the optimal threshold based on the Bayesian binary signal detection principle is also proposed. In addition, a time sequence model of the monitoring process is constructed, and the calculation of the optimal waiting interval is specified. Extensive experiments are conducted on RSA implemented with the binary square-and-multiply algorithm. The results show that the average success rate of full RSA key recovery is 89.67%.
This article proposes an enhanced differential fault analysis (DFA) method named fault-propagation pattern-based DFA (FPP-DFA). The main idea of FPP-DFA is to use the fault-propagation pattern (FPP) of the ciphertext difference to predict the fault location and the fault-propagation path. FPP-DFA is shown to be very effective on SPN-structure block ciphers that use bitwise permutation, and it is applied to two such ciphers. The first is PRESENT, with the substitution-permutation sequence. With the fault model of injecting one nibble fault into the (r-2)-th round, on average 8 and 16 faults can reduce the key search space of PRESENT-80/128 to $2^{14.7}$ and $2^{21.1}$, respectively. The second is PRINTcipher, with the permutation-substitution sequence. For the first time, it is shown that although the permutation of PRINTcipher is secret-key dependent, FPP-DFA still works well on it. With the fault model of injecting one nibble fault into the (r-2)-th round, 12 and 24 effective faults can reduce the key search space of PRINTcipher-48/96 to $2^{13.7}$ and $2^{22.8}$, respectively.