CISPA
Browse
cispa_all_3983.pdf (338.2 kB)

Efficient and Generic Microarchitectural Hash-Function Recovery

Download (338.2 kB)
conference contribution
posted on 2023-11-29, 18:23 authored by Lukas GerlachLukas Gerlach, Simon Schwarz, Nicolas Faroß, Michael SchwarzMichael Schwarz
Modern CPUs use a variety of undocumented microarchitectural hash functions to efficiently distribute data within microarchitectural structures such as caches. A well-known function is the cache slice function that distributes cache lines to the slices of the last-level cache. Knowing these functions improves microarchitectural attacks, such as Prime+Probe or Rowhammer, drastically. However, while several such linear functions have been reverse-engineered, there is no generic or automated approach for reverse-engineering non-linear functions, which have become common with modern CPUs. In this paper, we introduce a novel generic approach for automatically reverse-engineering a wide range of microarchitectural hash functions. Our approach combines techniques initially used for logic-gate minimization and from computer algebra to infer the hash functions based on input-output pairs observed via side channels. With our framework, we infer 3 previously-unknown non-linear hash functions on both AMD and Intel CPUs, including the new Alder Lake hybrid-CPU architecture. We verify our approach by reproducing known hash functions and evaluating side-channel attacks that rely on these functions, resulting in success rates above 97.65%. We stress the need to design such functions with both performance and security in mind and discuss alternative designs that can be used in future CPUs.

History

Preferred Citation

Lukas Gerlach, Simon Schwarz, Nicolas Faroß and Michael Schwarz. Efficient and Generic Microarchitectural Hash-Function Recovery. In: DISC International Symposium on Distributed Computing (DISC). 2024.

Primary Research Area

  • Algorithmic Foundations and Cryptography

Name of Conference

DISC International Symposium on Distributed Computing (DISC)

Legacy Posted Date

2023-07-14

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3983, title = "Efficient and Generic Microarchitectural Hash-Function Recovery", author = "Gerlach, Lukas and Schwarz, Simon and Faroß, Nicolas and Schwarz, Michael", booktitle="{DISC International Symposium on Distributed Computing (DISC)}", year="2024", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC