Differential Cache-Collision Timing Attacks on AES with Applications to Embedded CPUs

Andrey Bogdanov, Thomas Eisenbarth, Christof Paar, Malte Wienecke


This paper proposes a new type of cache-collision timing attacks on software implementations of AES. Our major technique is of differential nature and is based on the internal cryptographic properties of AES, namely, on the MDS property of the linear code providing the diffusion matrix used in the MixColumns transform. It is a chosen-plaintext attack where pairs of AES executions are treated differentially. The method can be easily converted into a chosen-ciphertext attack. We also thoroughly study the physical behavior of cache memory enabling this attack.
Original languageEnglish
Title of host publicationTopics in Cryptology - CT-RSA 2010
EditorsJosef Pieprzyk
Number of pages17
Place of PublicationBerlin, Heidelberg
PublisherSpringer Berlin Heidelberg
Publication date03.2010
ISBN (Print)978-3-642-11924-8
ISBN (Electronic)978-3-642-11925-5
Publication statusPublished - 03.2010
EventThe Cryptographers’ Track at the RSA Conference 2010 - San Francisco, United States
Duration: 01.03.201005.03.2010


Dive into the research topics of 'Differential Cache-Collision Timing Attacks on AES with Applications to Embedded CPUs'. Together they form a unique fingerprint.

Cite this