Drive-by key-extraction cache attacks from portable code

Daniel Genkin, Lev Pachmanov, Eran Tromer, Yuval Yarom

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


We show how malicious web content can extract cryptographic secret keys from the user’s computer. The attack uses portable scripting languages supported by modern browsers to induce contention for CPU cache resources, and thereby gleans information about the memory accesses of other programs running on the user’s computer. We show how this side-channel attack can be realized in WebAssembly and PNaCl; how to attain fine-grained measurements; and how to extract ElGamal, ECDH and RSA decryption keys from various cryptographic libraries. The attack does not rely on bugs in the browser’s nominal sandboxing mechanisms, or on fooling users. It applies even to locked-down platforms with strong confinement mechanisms and browser-only functionality, such as Chromebook devices. Moreover, on browser-based platforms the attacked software too may be written in portable JavaScript; and we show that in this case even implementations of supposedly-secure constant-time algorithms, such as Curve25519’s, are vulnerable to our attack.

Original languageEnglish
Title of host publicationApplied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings
EditorsBart Preneel, Frederik Vercauteren
PublisherSpringer Verlag
Number of pages20
ISBN (Print)9783319933863
StatePublished - 2018
Event16th International Conference on Applied Cryptography and Network Security, ACNS 2018 - Leuven, Belgium
Duration: 2 Jul 20184 Jul 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10892 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference16th International Conference on Applied Cryptography and Network Security, ACNS 2018


Dive into the research topics of 'Drive-by key-extraction cache attacks from portable code'. Together they form a unique fingerprint.

Cite this