Introduction
When the running time of a cryptographic device is not constant, this time may leak information about the secret parameters involved, so that careful timing measurement and analysis may allow to recover the system's secret key. This idea first appeared in the scientific literature in 1996 [7].
Targeting implementation specificities, timing attacks belong to the side-channel attacks family, of which they were one of the first representatives (see also side-channel analysis).
Time Measurement
To conduct the attack, the adversary needs to collect a set (sample) of messages, together with their processing time by the cryptographic device. Running time might be obtained by measuring the question-answer delay, by monitoring the processor activity, etc.
One privileged target for timing attacks—as well as other side-channel attacks—is that of smart cards. A classical smart card (like defined by the ISO 7816 standard) is not equipped by an internal clock, but has its clock ticks...
This is a preview of subscription content, log in via an institution to check access.
References
Canvel, B., A. Hiltgen, S. Vaudenay, and M. Vuagnoux (2003). “Password interception in a SSL/TLS channel.” Advances in Cryptology—CRYPTO 2003 Lecture Notes in Computer Science, vol. 2729, ed. D. Boneh. Springer-Verlag, Berlin.
Cathalo, J., F. Koeune, and J.-J. Quisquater (2003). “A new type of timing attack: Application to GPS.” Cryptographic Hardware and Embedded Systems— CHES 2003. Lecture Notes in Computer Science, vol. 2779, eds. Burton, S. Kaliski, Çetin K. Koç, and Christof Paar. Springer-Verlag, Berlin.
Dhem, J.-F., F. Koeune, P.-A. Leroux, P. Mestré, J.-J. Quisquater, and J.-L. Willems (1998). “A practical implementation of the timing attack.” Proceedings of CARDIS 1998, Smart Card Research and Advanced Applications. Lecture Notes in Computer Science, vol. 1820, eds. J.-J. Quisquater and B. Schneier. Springer, Berlin.
Dhem, J.F. (1998). “Design of an efficient public-key cryptographic library for risc-based smart cards.” PhD Thesis, UCL Crypto Group, Laboratoire de microélectronique (DICE), Université catholique de Louvain.
Handschuh, H. and H. Heys (1998). “A timing attack on RC5.” Proceedings of SAC'98, Lecture Notes in Computer Science, vol. 1556, eds. S.E. Tavares and H. Meijer. Springer, Berlin, 306–318.
Katagi, M., I. Kitamura, T. Akishita, and T. Takagi (2002). “A timing attack on hyperelliptic curve cryptosystems.” Cryptology ePrint Archive: Report 2002/203. Available at http://eprint.iacr.org
Kocher, P. (1996). “Timing attacks on implementations of Diffie–Hellman, RSA, DSS, and other systems,” Advances in Cryptology—CRYPTO'96, Santa Barbara, CA, Lecture Notes in Computer Science, vol. 1109, ed. N. Koblitz. Springer, Berlin, 104–113.
Schindler, W., J.-J. Quisquater, and F. Koeune (2001). “Improving divide and conquer attacks against cryptosystems by better error detection correction strategies.” Proceedings of 8th IMA International Conference on Cryptography and Coding, Lecture Notes in Computer Science, vol. 2260, ed. B. Honary. Springer Berlin. December 2001, 245–267.
Colin, D. Walter (1999). “Montgomery's multiplication technique: How to make it smaller and faster.” Cryptographic Hardware and Embedded Systems—CHES'99, August, Lecture Notes in Computer Science, vol. 1717, eds. Çetin K. Koç and Christof Paar. Springer-Verlag, Berlin, 80–93.
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 International Federation for Information Processing
About this entry
Cite this entry
Koeune, F. (2005). Timing attack. In: van Tilborg, H.C.A. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA . https://doi.org/10.1007/0-387-23483-7_432
Download citation
DOI: https://doi.org/10.1007/0-387-23483-7_432
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-23473-1
Online ISBN: 978-0-387-23483-0
eBook Packages: Computer ScienceReference Module Computer Science and Engineering