We found a way to defeat pointer authentication (and forge kernel pointers from userspace) on the Apple M1 via a new hardware attack. Here’s how it works- pacmanattack.com

We found a way to mount *remote timing* attacks on *constant-time* cryptographic code running on modern x86 processors. How is that possible? With #hertzbleed! Here is how it works (with yingchen wang). hertzbleed.com

We would like to thank the collaboration with Cloudflare and Microsoft Research. Especially the mitigation of SIKE from Armando Faz 🌵 and Patrick Longa

Indeed! It will be interesting and important to see if this approach can be used to attack current ECC systems in practice

A team of researchers, including yingchen wang & @Hovav Shacham of Computer Science at UT Austin, found that a common feature of modern computer processors can make even carefully written encryption software reveal its secrets when probed by an attacker. #Hertzbleed cns.utexas.edu/news/attackers…

You may have seen the Hertzbleed Attack logo on your screen a couple weeks ago but didn't look into it deeper. Now's your time! Check out our approachable explainer by yingchen wang (co-discoverer and Cloudflare intern) and Armando Faz 🌵 (research engineer). blog.cloudflare.com/hertzbleed-exp…

Indeed, for SIKE, what makes the attack possible is the percentage of low HW/HD data flow but not the total running time

🐱🐱👏👏

I am happy to announce that Collide+Power, our new and generic software-based power side-channel technique, has been accepted at USENIX Security 2023 #usesec23. collidepower.com

Dropping #Downfall, exploiting speculative forwarding of 'Gather' instruction to steal data from hardware registers. #MeltdownSequel - Practical to exploit (POC/Demo) - Defeat all isolation boundaries (OS, VM, SGX) - Bypass all Meltdown/MDS mitigations. downfall.page

Ever wondered what happens when side-channel resistant code meets a fancy prefetcher? Checkout our paper breaking constant time crypto on Apple CPUs. gofetch.fail Joint work with Boru Chen, yingchen wang, Pradyumna Shome (pradyumna.bsky.social), Chris Fletcher, David Kohlbrenner, Riccardo Paccagnella