A method for constructing sliding windows leak from noisy cache timing information

Rei Ueno, Junko Takahashi, Yu-Ichi Hayashi, Naofumi Homma

Research output: Contribution to journalArticlepeer-review

1 Citation (Scopus)


This paper presents a method for constructing an operation sequence of sliding window exponentiation from the noisy cache information of RSA, which can be used for a cache attack using sliding windows leak (SWL). An SWL attack can retrieve the secret keys of RSA with non-negligible probability if the SWL is correctly captured. However, in practice, it is not always possible for an attacker to acquire a complete and correct operation sequence from cache information observation. In this paper, we first show that the capture errors in an operation sequence can be evaluated based on the Levenshtein distance between correct and estimated sequences. The dynamic time warping algorithm is employed for quantitative evaluation. Then, we present a method of accurately estimating a complete and correct operation sequence from noisy sequences obtained through multiple observations. Furthermore, we show the effectiveness of the proposed method through a set of experiments performed using RSA software in Libgcrypt. As a result, we can identify the correct operation sequence from approximately 100 observations of cache traces.

Original languageEnglish
Pages (from-to)161-170
Number of pages10
JournalJournal of Cryptographic Engineering
Issue number2
Publication statusPublished - 2021 Jun


  • Cache attack
  • Flush + Reload
  • Libgcrypt
  • RSA
  • Sliding windows exponentiation

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications


Dive into the research topics of 'A method for constructing sliding windows leak from noisy cache timing information'. Together they form a unique fingerprint.

Cite this