wireguard.lists.zx2c4.com archive mirror
 help / color / mirror / Atom feed
From: Baptiste Jonglez <baptiste@bitsofnetworks.org>
To: wireguard@lists.zx2c4.com
Subject: NetSpectre / AVX2 timing side-channel attack
Date: Fri, 27 Jul 2018 12:29:41 +0200	[thread overview]
Message-ID: <20180727102941.GB25131@lud.localdomain> (raw)

[-- Attachment #1: Type: text/plain, Size: 571 bytes --]

Hi,

Here is an interesting side-channel attack that uses AVX2 timing to
potentially extract private key material (read section 4.2):

  https://news.ycombinator.com/item?id=17621823
  https://misc0110.net/web/files/netspectre.pdf

It is based on a power-saving feature: after being idle for 1 ms,
the AVX2 unit in Intel processors is powered off, which greatly increases
latency for the next AVX2 instruction.

Of course, to be exploited, the code would need to perform AVX2
instructions conditionnally.  I'd be curious to know if it is the case in
Wireguard.

Baptiste

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

                 reply	other threads:[~2018-07-27 10:20 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180727102941.GB25131@lud.localdomain \
    --to=baptiste@bitsofnetworks.org \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).