US 9,813,235 B2
Resistance to cache timing attacks on block cipher encryption
Debdeep Mukhopadhyay, Howrah (IN); and Chester Dominic Rebeiro, Bangalore (IN)
Assigned to INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR, Kharagpur, West Bengal (IN)
Appl. No. 14/350,044
Filed by INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR, Kharagpur (IN)
PCT Filed Apr. 25, 2013, PCT No. PCT/IB2013/053260
§ 371(c)(1), (2) Date Apr. 4, 2014,
PCT Pub. No. WO2014/140698, PCT Pub. Date Sep. 18, 2014.
Claims priority of application No. 267/KOL/2013 (IN), filed on Mar. 11, 2013.
Prior Publication US 2015/0249535 A1, Sep. 3, 2015
Int. Cl. H04L 29/06 (2006.01); H04L 9/06 (2006.01); G06F 21/72 (2013.01); H04L 9/00 (2006.01); H04L 9/14 (2006.01)
CPC H04L 9/0618 (2013.01) [G06F 21/725 (2013.01); H04L 9/005 (2013.01); H04L 9/14 (2013.01); H04L 2209/08 (2013.01); H04L 2209/24 (2013.01)]
17 Claims
1. A computing system, comprising:
a memory comprising executable instructions; and
a processor that, in response to execution of the executable instructions, performs or controls performance of operations comprising:
identify a processor architecture of the processor which will execute a block cipher, wherein the identification of the processor architecture comprises processor and cache information being obtained from at least one of an operating system or a hypervisor;
access a data structure that stores parameters and parameter values mapped to block cipher and processor architecture combinations, wherein the parameters include at least one of a number of tables used in a block cipher implementation, a number of iterations in the block cipher implementation, and at least one of a number of key-related lookups per table per iteration, a table size, a number of table elements that share a cache line; or an indication of whether a lookup table incorporates permutation as well as substitution, and wherein the data structure maps from the identified processor architecture to at least one block cipher encryption algorithm parameter value;
determine the at least one block cipher encryption algorithm parameter value that maps to the identified processor architecture, wherein the at least one block cipher encryption algorithm parameter value is determined based on an execution time variance of a block cipher encryption algorithm on the identified processor architecture; and
implement the block cipher encryption algorithm by use of the at least one block cipher encryption algorithm parameter value and an encryption key to generate encrypted data, wherein the data structure maps from the identified processor architecture to the at least one block cipher encryption algorithm parameter value such that the implementation of the block cipher encryption algorithm by the use of the at least one block cipher encryption algorithm parameter value reduces an effectiveness of cryptanalytic cache timing attacks against the implementation of the block cipher encryption algorithm.