Single Trace Attack Against RSA Key Generation in Intel SGX SSL

Samuel Weiser, Raphael Spreitzer, Lukas Bodner

Research output: Chapter in Book/Report/Conference proceeding (Conference paper, peer-reviewed)


Microarchitectural side-channel attacks have received significant attention recently. However, while side-channel analyses of secret-key operations such as decryption and signature generation are well established, the process of key generation has not received particular attention so far. Because microarchitectural attacks usually require multiple observations (more than one measurement trace) to break an implementation, one-time operations such as key generation routines are often considered uncritical and out of scope. This assumption no longer holds for shielded execution architectures, where sensitive code is executed inside hardware enclaves within the realm of a potential attacker. In such a setting, an untrusted operating system can conduct noiseless controlled-channel attacks by exploiting page access patterns.

In this work, we identify a critical vulnerability in the RSA key generation procedure of Intel SGX SSL (and the underlying OpenSSL library) that allows secret keys to be recovered from observations of a single execution. In particular, we mount a controlled-channel attack on the binary Euclidean algorithm (BEA), which is used for checking the validity of the RSA key parameters generated within an SGX enclave. In this way, we recover all but 16 bits of one of the two prime factors of the public modulus. For an 8192-bit RSA modulus, we recover the remaining 16 bits, and thus the full key, in less than 12 seconds on a commodity PC. In light of these results, we urge a careful re-evaluation of cryptographic libraries with respect to single-trace attacks, especially if they are intended for shielded execution environments such as Intel SGX.
Original language: English
Title of host publication: ASIACCS '18 - Proceedings of the 2018 on Asia Conference on Computer and Communications Security
Publisher: Association for Computing Machinery
ISBN (Electronic): 978-1-4503-5576-6
Publication status: Published - 2018
Event: 13th ACM ASIA Conference on Information, Computer and Communications Security - Incheon, Korea, Republic of
Duration: 4 Jun 2018 to 8 Jun 2018

Conference: 13th ACM ASIA Conference on Information, Computer and Communications Security
Abbreviated title: ASIACCS 2018
Country/Territory: Korea, Republic of

