A group of researchers from the Universities of Texas, Illinois and Washington has disclosed a new family of side-channel attacks (CVE-2022-23823, CVE-2022-24436), code-named Hertzbleed. The proposed attack method relies on the dynamic frequency management of modern processors and affects all current Intel and AMD CPUs. The problem may also affect processors from other manufacturers that support dynamic frequency changes, for example ARM systems, but the study was limited to Intel and AMD chips. The source code implementing the attack method has been published on GitHub (the implementation was tested on a computer with an Intel i7-9700 CPU).
To optimize energy consumption and prevent overheating, processors dynamically change their frequency depending on the load, which changes performance and affects the execution time of operations (a frequency change of 1 Hz changes performance by 1 cycle per second). The study found that under certain conditions on AMD and Intel processors the frequency change correlates directly with the data being processed, so that, for example, the time taken to compute “2022 + 23823” and “2022 + 24436” will differ.
By analysing the differences in the execution time of operations on different data, the information used in the calculations can be recovered indirectly. Moreover, on high-speed networks with predictable, constant delays, the attack can be carried out remotely by measuring the execution time of requests.
If the attack succeeds, the identified problems make it possible to determine private keys by analysing computation time in cryptographic libraries that use algorithms whose mathematical calculations are always performed in constant time, regardless of the nature of the data being processed. Such libraries were considered protected from side-channel attacks, but as it turned out, computation time is determined not only by the algorithm but also by the behaviour of the processor.
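The point above as an added example (not the researchers' code and not taken from the original article): a toy model of a routine that always takes the same number of cycles, checked with the Welch t-test that leakage assessments commonly use. The Hamming-weight frequency model, all constants and the function names are assumptions made for illustration.

```python
import random
import statistics

# All values below are constructed for illustration, not measurements.
CYCLES = 2_000_000      # cycle count is identical for every input
BASE_HZ = 3.6e9         # assumed steady-state clock frequency
HZ_PER_BIT = 2.0e5      # assumed frequency drop per set bit in the operand
JITTER_S = 5.0e-6       # assumed timer noise (standard deviation, seconds)
T_THRESHOLD = 4.5       # conventional |t| limit in leakage assessment


def hamming_weight(value):
    return bin(value).count("1")


def wall_time(operand, data_dependent_freq, rng):
    """Seconds taken by a constant-cycle routine on the modelled CPU."""
    freq = BASE_HZ
    if data_dependent_freq:
        # Assumption: heavier operands draw more power, so the CPU
        # settles at a slightly lower frequency.
        freq -= HZ_PER_BIT * hamming_weight(operand)
    return CYCLES / freq + rng.gauss(0.0, JITTER_S)


def welch_t(a, b):
    """Welch's t statistic for two independent timing samples."""
    var_a, var_b = statistics.variance(a), statistics.variance(b)
    spread = (var_a / len(a) + var_b / len(b)) ** 0.5
    return (statistics.mean(a) - statistics.mean(b)) / spread


def leakage_t(data_dependent_freq, samples=5000, seed=1):
    """t statistic between timings of a light and a heavy operand."""
    rng = random.Random(seed)
    light, heavy = 0x1, 0xFFFFFFFFFFFFFFFF
    t_light = [wall_time(light, data_dependent_freq, rng) for _ in range(samples)]
    t_heavy = [wall_time(heavy, data_dependent_freq, rng) for _ in range(samples)]
    return welch_t(t_light, t_heavy)


if __name__ == "__main__":
    for mode in (False, True):
        t = leakage_t(mode)
        verdict = "leak" if abs(t) > T_THRESHOLD else "no leak detected"
        print(f"data-dependent frequency={mode}: t={t:.1f} -> {verdict}")
```

With a fixed frequency the two timing distributions are statistically indistinguishable; once the frequency depends on the operand, the same cycle count yields a clearly detectable difference in wall-clock time.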
As a practical example demonstrating that the proposed method is realistic, an attack is shown on an implementation of the SIKE (Supersingular Isogeny Key Encapsulation) key encapsulation mechanism, which reached the final of the post-quantum cryptosystem competition run by the US National Institute of Standards and Technology (NIST) and is positioned as protected from side-channel attacks. During the experiment, using a new variant of the attack based on chosen ciphertext