Making matters worse, data-dependent frequency differences directly translate to execution time differences (as 1 hertz = 1 cycle/second). This means that the same program can take a different wall time to compute, for example, 2022 + 23823 compared to 2022 + 24436.— Riccardo Paccagnella (@ricpacca) June 14, 2022
We then show that Hertzbleed is a real threat to the security of cryptographic software, by describing a novel chosen-ciphertext attack against SIKE. The attack allows full key extraction via *remote timing*, despite SIKE being implemented as “constant time”.— Riccardo Paccagnella (@ricpacca) June 14, 2022
A sebezhetőség weboldal itt.