Academic Journal

Cache attacks on subkey calculation of Blowfish.

Bibliographic details
Title: Cache attacks on subkey calculation of Blowfish.
Authors: Fan, Haopeng; Wang, Wenhao; Wang, Yongjuan; Wang, Xiangbin; Gao, Yang
Source: Journal of Computer Security; 2024, Vol. 32 Issue 2, p165-191, 27p
Subject terms: PUFFERS (Fish), BLOCK ciphers, TIME complexity, DATABASES
Abstract: Cache attacks pose a serious security threat to cryptographic implementations in processor architectures. In this paper, we first propose cache attacks against Blowfish, which can break the protection of the key-dependent S-box. This attack targets the subkey calculation of Blowfish, and fully exploits features of the subkey calculation to construct a leakage equation group about the key. Without any knowledge of plaintext and ciphertext, the attacker only needs to obtain the cache leakage once to recover a variable-length key in minute-level time. More than that, we establish a leakage model for cache attack situations to evaluate the exhausting space of the intermediate value of block ciphers, and estimate the time complexity of cache attacks. In our experiments, we perform Flush + Reload and Prime + Probe attacks and recover the random key of Blowfish in OpenSSL 1.1.1h in 4 minutes. Furthermore, we have applied our attacks to existing systems, such as JavaScript-blowfish and Bcrypt. Our attack on JavaScript-blowfish can recover any plaintext input by the user. As for Bcrypt, our attack can recover the hash values stored in the database, thereby allowing attackers to impersonate the user's identity. [ABSTRACT FROM AUTHOR]
Copyright of Journal of Computer Security is the property of IOS Press and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Complementary Index
Description
ISSN: 0926-227X
DOI: 10.3233/JCS-230052