Thank you, very happy to be finally be here ๐
23.07.2025 12:27
๐ 6
๐ 0
๐ฌ 0
๐ 0
Thank you, very happy to be finally be here ๐
Special thanks to
@0xhilbert.bsky.social
for the many discussions!
We can also do a modified first-round attack on AES T-Tables, thanks to their innate offset within a page, even though our pattern stretches across all 4 Tables and we can't look at individual lines or even individual Tables. All we need is to know which half of the page sees more accesses!
Now, half a page granularity might not seem very accurate, but the pattern actually helps us quite a bit!
For example, we can choose a pattern size that fits the RSA S&M algorithm and recover an entire 4096 bit key with a single trace.
We find that AMD does ciphertext coherence with cache line granularity, but instead 32 cache lines (half a page)!
And even crazier, it's not 32 adjacent cache lines, but they're spread over a page in varying patterns: each accessed line evicts all others in its half of the page.
new *paper damnit
I'm very happy to announce our new Cohere+Reload: Re-enabling High-Resolution Cache Attacks on AMD SEV-SNP was accepted at DIMVA 2025!
In it @snee.la, @gruss.cc and I investigate AMD's ciphertext coherence mechanism and show even low resolution leakage can go a long way.
Paper preview: cr.giner.cc
๐ข Submission deadline extended to Feb 19th!
Take the extra days to polish your work and submit it here:
๐ dimva25r2.hotcrp.com
#DIMVA25 #DIMVA