dc.contributor.author
Schneider, Moritz
dc.contributor.author
Lain, Daniele
dc.contributor.author
Puddu, Ivan
dc.contributor.author
Dutly, Nicolas
dc.contributor.author
Capkun, Srdjan
dc.date.accessioned
2024-10-21T11:03:30Z
dc.date.available
2024-10-21T09:09:20Z
dc.date.available
2024-10-21T11:02:59Z
dc.date.available
2024-10-21T11:03:30Z
dc.date.issued
2024-10-17
dc.identifier.other
10.48550/arXiv.2410.13489
en_US
dc.identifier.uri
http://hdl.handle.net/20.500.11850/700923
dc.identifier.doi
10.3929/ethz-b-000700923
dc.description.abstract
The implementations of most hardened cryptographic libraries use defensive programming techniques for side-channel resistance. These techniques are usually specified as guidelines to developers on specific code patterns to use or avoid. An example is performing arithmetic operations to choose between two variables instead of executing a secret-dependent branch. However, such techniques are only meaningful if they persist across compilation. In this paper, we investigate how optimizations used by modern compilers break the protections introduced by defensive programming techniques; specifically, we study how compilers break high-level constant-time implementations used to mitigate timing side-channel attacks. We run a large-scale experiment to see whether such compiler-induced issues manifest in state-of-the-art cryptographic libraries. We develop a tool that can profile virtually any architecture, and we use it to run trace-based dynamic analysis on 44,604 different targets. In particular, we focus on the most widely deployed cryptographic libraries that aim to provide side-channel resistance. This lets us evaluate whether their claims hold across various CPU architectures, including x86-64, x86-i386, armv7, aarch64, RISC-V, and MIPS-32. Our large-scale study reveals that several compiler-induced secret-dependent operations occur within some of the most highly regarded hardened cryptographic libraries. To the best of our knowledge, such findings represent the first time these issues have been observed in the wild. One of the key takeaways of this paper is that the state-of-the-art defensive programming techniques employed for side-channel resistance are still inadequate, incomplete, and bound to fail when paired with the optimizations that compilers continuously introduce.
en_US
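The defensive pattern the abstract refers to, a masked arithmetic select in place of a secret-dependent branch, is shown below as an added illustration; it is not code from the paper or from any of the libraries it studies. The `ct_barrier` helper is an assumption of this example: an empty inline-asm statement that hides the mask's value from the optimizer so that the compiler cannot recognise the select idiom and rewrite it into the very branch (or other secret-dependent instruction) the source code avoided. It is a mitigation, not a proof; the only way to know what the compiler actually emitted is to inspect the binary, which is what the paper's trace-based analysis does at scale.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Optimisation barrier (assumed helper for this example). The empty asm with
 * a "+r" constraint makes the compiler treat `v` as possibly modified, so the
 * mask below is opaque to value-range and pattern-based rewrites. On non-GNU
 * compilers it degrades to a plain return and gives no protection. */
static inline uint32_t ct_barrier(uint32_t v)
{
#if defined(__GNUC__) || defined(__clang__)
    __asm__ volatile("" : "+r"(v) : : "memory");
#endif
    return v;
}

/* Reference implementation that is NOT constant-time: the conditional jump
 * depends directly on `cond`, so its timing and branch-predictor state leak it. */
uint32_t select_branchy(uint32_t cond, uint32_t a, uint32_t b)
{
    if (cond)
        return a;
    return b;
}

/* Expands cond != 0 into an all-ones mask (0xFFFFFFFF) and cond == 0 into 0,
 * using only unsigned arithmetic: (cond | -cond) has its top bit set iff
 * cond != 0; shifting it down gives 0 or 1, and 0 - that gives the mask. */
static inline uint32_t ct_mask_nonzero(uint32_t cond)
{
    return 0u - ((cond | (0u - cond)) >> 31);
}

/* Branchless select: returns a if cond != 0, else b. Both operands are read
 * and combined regardless of cond, so there is no secret-dependent path. */
uint32_t ct_select(uint32_t cond, uint32_t a, uint32_t b)
{
    uint32_t mask = ct_barrier(ct_mask_nonzero(cond));
    return (a & mask) | (b & ~mask);
}

/* Constant-time byte comparison (the usual MAC-tag check). Returns 1 if equal,
 * 0 otherwise. Every byte is visited and OR-accumulated; the loop never exits
 * early at the first mismatch, and the final 0/1 fold is branch-free too. */
uint32_t ct_memeq(const uint8_t *x, const uint8_t *y, size_t n)
{
    uint32_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (uint32_t)(x[i] ^ y[i]);
    return 1u ^ (ct_barrier(acc | (0u - acc)) >> 31);
}

int main(void)
{
    /* Constructed sample inputs for a stand-alone run. */
    const uint8_t tag_ok[8]  = {1, 2, 3, 4, 5, 6, 7, 8};
    const uint8_t tag_bad[8] = {1, 2, 3, 4, 5, 6, 7, 9};

    printf("ct_select(1, 0xAA, 0x55) = 0x%02X\n", ct_select(1, 0xAAu, 0x55u));
    printf("ct_select(0, 0xAA, 0x55) = 0x%02X\n", ct_select(0, 0xAAu, 0x55u));
    printf("ct_memeq(ok, ok)  = %u\n", ct_memeq(tag_ok, tag_ok, 8));
    printf("ct_memeq(ok, bad) = %u\n", ct_memeq(tag_ok, tag_bad, 8));
    return 0;
}
```

To see whether the idiom survived, compile at the optimisation level you ship with (for example `-O2` and `-O3`, on every target architecture) and disassemble `ct_select` and `ct_memeq`; a conditional jump or an early loop exit keyed on the secret means the compiler undid the protection. Try the same build with the body of `ct_barrier` reduced to `return v;` to see how much of the result depends on the barrier rather than on the source-level pattern.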
dc.format
application/pdf
en_US
dc.language.iso
en
en_US
dc.publisher
Cornell University
en_US
dc.rights.uri
http://rightsstatements.org/page/InC-NC/1.0/
dc.title
Breaking Bad: How Compilers Break Constant-Time Implementations
en_US
dc.type
Working Paper
dc.rights.license
In Copyright - Non-Commercial Use Permitted
ethz.journal.title
arXiv
ethz.pages.start
2410.13489
en_US
ethz.size
18 p.
en_US
ethz.version.edition
v1
en_US
ethz.identifier.arxiv
2410.13489
ethz.publication.place
Ithaca, NY
en_US
ethz.publication.status
published
en_US
ethz.leitzahl
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02660 - Institut für Informationssicherheit / Institute of Information Security::03755 - Capkun, Srdan / Capkun, Srdan
en_US
ethz.leitzahl.certified
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02660 - Institut für Informationssicherheit / Institute of Information Security::03755 - Capkun, Srdan / Capkun, Srdan
en_US
ethz.date.deposited
2024-10-21T09:09:20Z
ethz.source
FORM
ethz.eth
yes
en_US
ethz.availability
Open access
en_US
ethz.rosetta.installDate
2024-10-21T11:03:00Z
ethz.rosetta.lastUpdated
2024-10-21T11:03:00Z
ethz.rosetta.exportRequired
true
ethz.rosetta.versionExported
true
ethz.COinS
ctx_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.atitle=Breaking%20Bad:%20How%20Compilers%20Break%20Constant-Time%20Implementations&rft.jtitle=arXiv&rft.date=2024-10-17&rft.spage=2410.13489&rft.au=Schneider,%20Moritz&Lain,%20Daniele&Puddu,%20Ivan&Dutly,%20Nicolas&Capkun,%20Srdjan&rft.genre=preprint&rft_id=info:doi/10.48550/arXiv.2410.13489&