Cache-Collision Timing Attacks Against AE

Source: Stanford University

This paper describes several novel timing attacks against the common table-driven software implementation of the AES cipher. It defines a general attack strategy using a simplified model of the cache to predict timing variation due to cache collisions in the sequence of lookups performed by the encryption. The attacks presented should be applicable to most high-speed software AES implementations and computing platforms; they have been implemented against OpenSSL v. 0.9.8, running on Pentium III, Pentium IV Xeon, and UltraSPARC III+ machines. The most powerful attack has been shown under optimal conditions to reliably recover a full 128-bit AES key with 2^13 timing samples, an improvement of almost four orders of magnitude over the best previously published attacks of this type.
Format:PDF Size:155.80
Date:Jan 2009