Predicting Secret Keys via Branch Prediction

Friday, January 25, 2008 - 4:53pm

Çetin Kaya Koç, Oregon State University & Istanbul Technical University
TIME: 3:30 – 4:30 p.m.
PLACE: Computer Science Conference Room, Harold Frank Hall Rm. 1132

We give an overview of a new software side-channel attack, enabled by the branch prediction capability common to all modern high-performance CPUs. The penalty paid (extra clock cycles) for a mispredicted branch can be used for cryptanalysis of cryptographic primitives that employ a data-dependent program flow. Analogous to the cache-based side-channel attacks, this attack allows an unprivileged process to attack other processes running in parallel on the same processor, despite sophisticated partitioning methods such as memory protection, sandboxing or even virtualization. We discuss in detail several such attacks on the RSA cryptosystem, and experimentally show their applicability to real systems. The practical results from our experiments should encourage engineers to think about efficient and secure software mitigations for such side-channel attacks. Additionally, we introduce several new hardware countermeasures.
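
The data-dependent program flow the abstract refers to, and the kind of software mitigation it asks engineers to consider, shown as an added illustration that is not from the talk or the speaker's work: a square-and-multiply exponentiation whose branch outcomes equal the exponent bits, beside a branch-free Montgomery ladder. The toy 64-bit arithmetic, the function names and the `trace` instrumentation are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

typedef uint64_t u64;

/* Toy modular multiply; with n < 2^32 the product cannot overflow 64 bits. */
static u64 mulmod(u64 a, u64 b, u64 n) { return (a * b) % n; }

/* Vulnerable pattern: left-to-right square-and-multiply. The `if` is taken
 * exactly when the secret exponent bit is 1, so the branch predictor's
 * hit/miss history mirrors the key. `trace` (optional, added here for
 * illustration) records the outcome of that branch per bit as '1'/'0'. */
u64 modexp_branchy(u64 base, u64 exp, int bits, u64 n, char *trace) {
    u64 r = 1 % n;
    for (int i = bits - 1; i >= 0; i--) {
        int bit = (exp >> i) & 1;
        if (trace) trace[bits - 1 - i] = bit ? '1' : '0';
        r = mulmod(r, r, n);
        if (bit)                               /* secret-dependent branch */
            r = mulmod(r, base, n);
    }
    if (trace) trace[bits] = '\0';
    return r;
}

/* Constant-time select: a when mask is all ones, b when mask is zero.
 * (In production code, check the compiler did not turn this back into a branch.) */
static u64 ct_select(u64 mask, u64 a, u64 b) { return (a & mask) | (b & ~mask); }

/* Software mitigation: Montgomery ladder. Every iteration performs the same
 * multiply and square whatever the key bit is; the bit only steers which
 * value lands in r0/r1 through arithmetic masks, so there is no branch for
 * the predictor to learn from. */
u64 modexp_ladder(u64 base, u64 exp, int bits, u64 n) {
    u64 r0 = 1 % n, r1 = base % n;
    for (int i = bits - 1; i >= 0; i--) {
        u64 mask = (u64)0 - ((exp >> i) & 1);  /* 0 or 0xFFFF...FFFF */
        u64 prod = mulmod(r0, r1, n);          /* always computed */
        u64 s    = ct_select(mask, r1, r0);    /* value to square */
        u64 sq   = mulmod(s, s, n);            /* always computed */
        /* bit 0: r0 = r0^2, r1 = r0*r1   bit 1: r0 = r0*r1, r1 = r1^2 */
        r0 = ct_select(mask, prod, sq);
        r1 = ct_select(mask, sq, prod);
    }
    return r0;
}
```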

Çetin Kaya Koç (Koç ~ coach) received his Ph.D. in Electrical & Computer Engineering from the University of California, Santa Barbara in 1988. He was an Assistant Professor at the University of Houston (1988-1992), and Assistant, Associate and Full Professor at Oregon State University (since 1992). He established the Information Security Laboratory at OSU, and graduated 14 Ph.D. students, 8 of whom are currently professors. In September 2001, he received the OSU College of Engineering Research Award for Outstanding and Sustained Research Leadership. His research interests are in algorithms and architectures for cryptography, computer arithmetic and embedded systems. He co-founded the Workshop on Cryptographic Hardware and Embedded Systems (CHES) in 1999 and was its program chair and proceedings editor from 1999 to 2003. He is now a permanent member of the steering committee of CHES. Recently, he has also co-founded a new conference, the International Workshop on the Arithmetic of Finite Fields, which is a forum for engineers and mathematicians interested in efficient software and hardware realizations of finite fields. He has co-authored one book, Cryptographic Algorithms on Reconfigurable Hardware, published by Springer. His second book, Cryptographic Engineering, is soon to be published by Springer. He has been an associate editor of IEEE Transactions on Computers and IEEE Transactions on Mobile Computing, and guest co-editor of two issues (in 2003 & 2008) of IEEE Transactions on Computers on cryptographic and cryptanalytic hardware and embedded systems. He has been an IEEE Fellow since 2007 for contributions to cryptographic engineering.