English
Related papers

Related papers: Eliminating Timing Side-Channel Leaks using Progra…

200 papers

We propose a data-driven method for synthesizing a static analyzer to detect side-channel information leaks in cryptographic software. Compared to the conventional way of manually crafting such a static analyzer, which can be labor…

Software Engineering · Computer Science 2021-02-16 Jingbo Wang , Chungha Sung , Mukund Raghothaman , Chao Wang

The wide deployment of Large Language Models (LLMs) has given rise to strong demands for optimizing their inference performance. Today's techniques serving this purpose primarily focus on reducing latency and improving throughput through…

Cryptography and Security · Computer Science 2025-10-22 Linke Song , Zixuan Pang , Wenhao Wang , Zihao Wang , XiaoFeng Wang , Hongbo Chen , Wei Song , Yier Jin , Dan Meng , Rui Hou

The PQDSS standardization process requires cryptographic primitives to be free from vulnerabilities, including timing and cache side-channels. Resistance to timing leakage is therefore an essential property, and achieving this typically…

With the recent advancements in machine learning theory, many commercial embedded micro-processors use neural network models for a variety of signal processing applications. However, their associated side-channel security vulnerabilities…

Cryptography and Security · Computer Science 2021-03-30 Saurav Maji , Utsav Banerjee , Anantha P. Chandrakasan

Confidential virtual machines (CVMs) based on trusted execution environments (TEEs) enable new privacy-preserving solutions. Yet, they leave side-channel leakage outside their threat model, shifting the responsibility of mitigating such…

Cryptography and Security · Computer Science 2025-12-15 Ruiyi Zhang , Albert Cheu , Adria Gascon , Daniel Moghimi , Phillipp Schoppmann , Michael Schwarz , Octavian Suciu

Recent work has shown that Just-In-Time (JIT) compilation can introduce timing side-channels to constant-time programs, which would otherwise be a principled and effective means to counter timing attacks. In this paper, we propose a novel…

Programming Languages · Computer Science 2022-03-01 Qi Qin , JulianAndres JiYang , Fu Song , Taolue Chen , Xinyu Xing

Timing channels are a significant and growing security threat in computer systems, with no established solution. We have recently argued that the OS must provide time protection, in analogy to the established memory protection, to protect…

Operating Systems · Computer Science 2019-01-25 Gernot Heiser , Gerwin Klein , Toby Murray

Secret-dependent timing behavior in cryptographic implementations has resulted in exploitable vulnerabilities, undermining their security. Over the years, numerous tools to automatically detect timing leakage or even to prove their absence…

Cryptography and Security · Computer Science 2023-04-25 Jan Wichelmann , Florian Sieck , Anna Pätschke , Thomas Eisenbarth

We demonstrate that the format in which private keys are persisted impacts Side Channel Analysis (SCA) security. Surveying several widely deployed software libraries, we investigate the formats they support, how they parse these keys, and…

Cryptography and Security · Computer Science 2020-04-02 Cesar Pereida García , Sohaib ul Hassan , Nicola Tuveri , Iaroslav Gridin , Alejandro Cabrera Aldaya , Billy Bob Brumley

Compression algorithms are widely used as they save memory without losing data. However, elimination of redundant symbols and sequences in data leads to a compression side channel. So far, compression attacks have only focused on the…

Cryptography and Security · Computer Science 2021-11-17 Martin Schwarzl , Pietro Borrello , Gururaj Saileshwar , Hanna Müller , Michael Schwarz , Daniel Gruss

Trusted execution environments (TEEs) provide an environment for running workloads in the cloud without having to trust cloud service providers, by offering additional hardware-assisted security guarantees. However, main memory encryption…

Cryptography and Security · Computer Science 2023-09-25 Jan Wichelmann , Anna Pätschke , Luca Wilke , Thomas Eisenbarth

We systematize software side-channel attacks with a focus on vulnerabilities and countermeasures in the cryptographic implementations. Particularly, we survey past research literature to categorize vulnerable implementations, and identify…

Cryptography and Security · Computer Science 2019-12-13 Tianwei Zhang , Jun Jiang , Yinqian Zhang

This work presents a new tool to verify the correctness of cryptographic implementations with respect to cache attacks. Our methodology discovers vulnerabilities that are hard to find with other techniques, observed as exploitable leakage.…

Cryptography and Security · Computer Science 2017-09-07 Gorka Irazoqui , Kai Cong , Xiaofei Guo , Hareesh Khattri , Arun Kanuparthi , Thomas Eisenbarth , Berk Sunar

This paper demonstrates a new side-channel that enables an adversary to extract sensitive information about inference inputs in large language models (LLMs) based on the number of output tokens in the LLM response. We construct attacks…

Machine Learning · Computer Science 2024-12-23 Tianchen Zhang , Gururaj Saileshwar , David Lie

Cache side-channel attacks exhibit severe threats to software security and privacy, especially for cryptosystems. In this paper, we propose CaType, a novel refinement type-based tool for detecting cache side channels in crypto software.…

Cryptography and Security · Computer Science 2022-10-20 Ke Jiang , Yuyan Bao , Shuai Wang , Zhibo Liu , Tianwei Zhang

Cryptographic libraries are a main target of timing side-channel attacks. A practical means to protect against these attacks is to adhere to the constant-time (CT) policy. However, it is hard to write constant-time code, and even…

Programming Languages · Computer Science 2025-10-15 Santiago Arranz-Olmos , Gilles Barthe , Lionel Blatter , Youcef Bouzid , Sören van der Wall , Zhiyuan Zhang

Timing side-channel attacks exploit variations in program execution time to recover sensitive information. Cryptographic implementations are especially vulnerable to these attacks, since even small timing differences in operations such as…

Cryptography and Security · Computer Science 2026-04-21 Nges Brian Njungle , Edwin P. Kayang , Mishel J. Paul , Michel A. Kinsy

Cybersecurity continues to be a difficult issue for society especially as the number of networked systems grows. Techniques to protect these systems range from rules-based to artificial intelligence-based intrusion detection systems and…

Cryptography and Security · Computer Science 2022-05-10 Paul Maxwell , David Niblick , Daniel C. Ruiz

Developers rely on constant-time programming to prevent timing side-channel attacks. But these efforts can be undone by compilers, whose optimizations may silently reintroduce leaks. While recent works have measured the extent of such…

Cryptography and Security · Computer Science 2025-07-09 Antoine Geimer , Clementine Maurice

Side-channel attacks impose a serious threat to cryptographic algorithms, including widely employed ones, such as AES and RSA. These attacks take advantage of the algorithm implementation in hardware or software to extract secret…

Cryptography and Security · Computer Science 2022-12-06 Rodothea Myrsini Tsoupidi , Roberto Castañeda Lozano , Elena Troubitsyna , Panagiotis Papadimitratos