> From: Edward Ned Harvey (bouncycastle)
> [mailto:bouncycas...@nedharvey.com]
>
> Yes, I believe an observer of the ground signal could determine "I saw a
> power spike between X ms and Y ms, which probably means you did
> something cryptographic, or were doing some kind of compression or
> decompression, or graphics rendering," but no, I don't believe, even remotely,
> that they are extracting private keys out of that signal, nor what jpg you
> viewed, nor what file you zipped up, nor what video you converted from H.264
> to MPEG-4. All of these would be the *content* of what you were processing
> at the time.
Ok, I have to stand back now and admit that I was wrong (sorry 'bout that), but that might or might not have any bearing on the relevance. Having read their work more completely now, I see they are not claiming to extract keys from memory or from the CPU; they are doing a chosen-ciphertext attack, such that bits in the ciphertext will cause CPU spikes upon decryption, at predictable time intervals, when targeted bits of the key are set. By performing this action thousands of times over and over, with the chosen ciphertext each time crafted to extract a specific bit of the key, they're able to extract all the bits of the key.

Is Bouncy Castle susceptible to this? Presumably.

How relevant is it? Well, it's not terribly difficult to send somebody a message and get them to decrypt garbage data once, or even a few times. But getting them to repeatedly decrypt thousands of times, garbage data every single time, is a little more difficult. (Because chosen ciphertext will invariably decrypt to garbage.) Yes, this is relevant in situations where some automated system will repeatedly try to decrypt garbage data without the need for human interaction. It might have some real-world applications, such as attacking a server, or even perhaps a laptop with an email client using an S/MIME key.

So the attack requires (a) physical proximity, (b) an automated system that consistently decrypts the attacker's injected garbage-data chosen ciphertext, and of course (c) knowledge of what algorithm the target system is using for decryption. So yes, it's important, but not anywhere near the scale of Heartbleed, etc. You can't just walk up to somebody's computer, touch it and get their keys out of it.
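The mechanism described in the post above (key-bit-dependent spikes triggered by crafted ciphertext, averaged over thousands of decryptions) is easiest to see in a toy simulation. The following is an added example, not code from this thread and not Bouncy Castle's code: the "device", its leakage model (a spike when a key bit is set and the operand word at that position has a chosen structured value, here zero) and the noise level are all constructed assumptions. It also shows the standard countermeasure against chosen-input side channels, randomizing the operand before the secret-dependent computation (blinding), which is an addition here and is not discussed in the thread.

```python
import random

KEY_BITS = 16    # constructed toy key size; real keys are far larger
WORD_BITS = 8    # constructed: one operand "word" per key bit
LEAK = 1.0       # assumed extra power when the leaky operation runs
NOISE = 3.0      # assumed measurement noise (standard deviation)


def toy_decrypt_trace(key, ct_words, rng, blinded=False):
    """Simulated power trace of one decryption: one sample per key bit.

    Constructed leakage model: the operation at position i spikes only when
    key bit i is set AND the operand word it processes is the structured
    value 0. With blinding, each word is XORed with a fresh random mask
    before use, so the attacker's chosen structure rarely reaches the
    leaky operation.
    """
    trace = []
    for i, word in enumerate(ct_words):
        if blinded:
            word ^= rng.getrandbits(WORD_BITS)
        spike = LEAK if ((key >> i) & 1) and word == 0 else 0.0
        trace.append(spike + rng.gauss(0.0, NOISE))
    return trace


def chosen_ciphertext(target_bit, rng):
    """Constructed attacker input: structured (zero) word at the target
    position, random non-zero words everywhere else."""
    return [0 if i == target_bit else rng.randrange(1, 1 << WORD_BITS)
            for i in range(KEY_BITS)]


def recover_bit(key, i, samples, rng, blinded=False):
    """Average the sample at position i over many decryptions of chosen
    ciphertexts; a mean above half the spike height reads as 'bit set'."""
    total = 0.0
    for _ in range(samples):
        total += toy_decrypt_trace(key, chosen_ciphertext(i, rng), rng, blinded)[i]
    return 1 if total / samples > LEAK / 2 else 0


def recover_key(key, samples, rng, blinded=False):
    """Repeat the per-bit measurement for every key bit and reassemble."""
    return sum(recover_bit(key, i, samples, rng, blinded) << i
               for i in range(KEY_BITS))


if __name__ == "__main__":
    secret = 0xA5C3  # constructed toy key
    unblinded = recover_key(secret, samples=2000, rng=random.Random(1))
    blinded = recover_key(secret, samples=2000, rng=random.Random(2), blinded=True)
    print(f"true key      : {secret:#06x}")
    print(f"recovered     : {unblinded:#06x} (unblinded device)")
    print(f"recovered     : {blinded:#06x} (blinded device)")
```

Two points the simulation makes concrete. First, no single trace reveals anything at this noise level; the key falls out only because the same chosen structure is decrypted thousands of times and the noise averages away, which is exactly the "automated system that keeps decrypting garbage" condition the post identifies. Second, once the device randomizes its operand, the attacker's chosen structure almost never reaches the leaky operation, the averaged signal stays near zero for every bit, and the recovered value is uncorrelated with the real key.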