Originally posted by Old Grouch
View Post
-
you didn't make any point. of course constant-time code can have side channels, which is why faster constant-time code makes it more difficult to exploit side channels. if there were no side channels, the code being faster would have no effect on side channels. -
Stream En-/Decryption shouldn't have anything exploitable by sidechannels - the later depend on some branches or access-patterns to sniff out. Those are fixed, the entire control flow could be unrolled in advance.Originally posted by Old Grouch View Post
Leave a comment:
-
That is trivially true, and not addressing the point I made. Constant-time code can still have side-channels.Originally posted by hotaru View PostLeave a comment:
-
Unfortunately, this is not true.Originally posted by hotaru View Post
Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86
Of course, constant-time code is a a good thing: but I get worried when people talk about performance optimisations, as that often means run-time reductions, and assuring that any particular optimisation maintains the constant-time property is not necessarily what the naive optimiser will be doing. On the other hand, I would hope naive coders are not working on OpenSSL.Leave a comment:
-
My concern about performance optimisations is whether they increase the availability of side-channel attacks.
Light Blue Touchpaper: When Layers of Abstraction Don’t Get Along: The Difficulty of Fixing Cache Side-Channel Vulnerabilities (2009-02-20)
Rambus: Side-channel attacks explained: everything you need to know (October 14, 2021)
Medium: Yan1x0s Side Channel Attacks — Part 1 ( Timing Analysis — Password Recovery) (Feb 14, 2021)
Medium: Yan1x0s Side Channel Attacks — Part 2 ( DPA & CPA applied on AES Attack ) (Apr 20, 2021)Leave a comment:
-
can find some Tigerlake benchmarks of tests I've done so far (and past) @ https://openbenchmarking.org/test/pts/openssl#resultsOriginally posted by spiral_23 View PostLeave a comment:
-
OpenSSL 3.1 Released With Performance Optimizations, More AVX-512
Phoronix: OpenSSL 3.1 Released With Performance Optimizations, More AVX-512
OpenSSL 3.1 is out today as the new stable release for this widely-used cryptographic library. There are a number of performance optimizations to enjoy with OpenSSL 3.1, including some additional AVX-512 tuning...
Leave a comment: