Abstract
Power side-channel attacks exploit data-dependent varia-
tions in a CPU’s power consumption to leak secrets. In this
paper, we show that on modern Intel (and AMD) x86 CPUs,
power side-channel attacks can be turned into timing attacks
that can be mounted without access to any power measure-
ment interface. Our discovery is enabled by dynamic voltage
and frequency scaling (DVFS). We find that, under certain
circumstances, DVFS-induced variations in CPU frequency
depend on the current power consumption (and hence, data)
at the granularity of milliseconds. Making matters worse,
these variations can be observed by a remote attacker, since
frequency differences translate to wall time differences!
The frequency side channel is theoretically more powerful
than the software side channels considered in cryptographic
engineering practice today, but it is difficult to exploit because
it has a coarse granularity. Yet, we show that this new channel
is a real threat to the security of cryptographic software. First,
we reverse engineer the dependency between data, power,
and frequency on a modern x86 CPU—finding, among other
things, that differences as seemingly minute as a set bit’s
position in a word can be distinguished through frequency
changes. Second, we describe a novel chosen-ciphertext at-
tack against (constant-time implementations of) SIKE, a post-
quantum key encapsulation mechanism, that amplifies a sin-
gle key-bit guess into many thousands of high- or low-power
operations, allowing full key extraction via remote timing.