{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T15:53:37Z","timestamp":1774367617423,"version":"3.50.1"},"reference-count":33,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2019,8,13]],"date-time":"2019-08-13T00:00:00Z","timestamp":1565654400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["STARSS-1618379 and TWC-1563697"],"award-info":[{"award-number":["STARSS-1618379 and TWC-1563697"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000028","name":"Semiconductor Research Corporation","doi-asserted-by":"crossref","award":["#2687"],"award-info":[{"award-number":["#2687"]}],"id":[{"id":"10.13039\/100000028","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Archit. Code Optim."],"published-print":{"date-parts":[[2019,9,30]]},"abstract":"<jats:p>To increase computation throughput, general purpose Graphics Processing Units\u00a0(GPUs) have been leveraged to accelerate computationally intensive workloads. GPUs have been used as cryptographic engines, improving encryption\/decryption throughput and leveraging the GPU\u2019s Single Instruction Multiple Thread\u00a0(SIMT) model. RSA is a widely used public-key cipher and has been ported onto GPUs for signing and decrypting large files. 
Although performance has been significantly improved, the security of RSA on GPUs is vulnerable to side-channel timing attacks and is an exposure overlooked in previous studies.<\/jats:p>\n          <jats:p>GPUs tend to be naturally resilient to side-channel attacks, given that they execute a large number of concurrent threads, performing many RSA operations on different data in parallel. Given the degree of parallel execution on a GPU, there will be a significant amount of noise introduced into the timing channel given the thousands of concurrent threads executing concurrently.<\/jats:p>\n          <jats:p>In this work, we build a timing model to capture the parallel characteristics of an RSA public-key cipher implemented on a GPU. We consider optimizations that include using Montgomery multiplication and sliding-window exponentiation to implement cryptographic operations. Our timing model considers the challenges of parallel execution, complications that do not occur in single-threaded computing platforms. Based on our timing model, we launch successful timing attacks on RSA running on a GPU, extracting the private key of RSA. We also present an effective error detection and correction mechanism. Our results demonstrate that GPU acceleration of RSA is vulnerable to side-channel timing attacks. 
We propose several countermeasures to defend against this class of attacks.<\/jats:p>","DOI":"10.1145\/3341729","type":"journal-article","created":{"date-parts":[[2019,8,13]],"date-time":"2019-08-13T14:41:50Z","timestamp":1565707310000},"page":"1-18","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":30,"title":["Side-channel Timing Attack of RSA on a GPU"],"prefix":"10.1145","volume":"16","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9647-3675","authenticated-orcid":false,"given":"Chao","family":"Luo","sequence":"first","affiliation":[{"name":"MathWorks, Natick, MA, USA"}]},{"given":"Yunsi","family":"Fei","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]},{"given":"David","family":"Kaeli","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]}],"member":"320","published-online":{"date-parts":[[2019,8,13]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102140"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-36095-4_2"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23822-2_20"},{"key":"e_1_2_1_4_1","volume-title":"Proceedings of the 12th Conference on USENIX Security Symposium (SSYM\u201903)","volume":"12","author":"Brumley David","year":"2003"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2012.01.027"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/s001459900030"},{"key":"e_1_2_1_7_1","volume-title":"Proceedings of the International Conference on Smart Card Research and Advanced Applications. 
Springer, 167--182","author":"Dhem Jean-Francois","year":"1998"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/s13389-015-0107-0"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.5555\/648253.752537"},{"key":"e_1_2_1_10_1","first-page":"898","article-title":"Seriously, get off my cloud! Cross-VM RSA key recovery in a public cloud","volume":"2015","author":"Inci Mehmet Sinan","year":"2015","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_2_1_11_1","volume-title":"Proceedings of the Symposium on Networked Systems Design and Implementation. USENIX Association, 1--14","author":"Jang Keon","year":"2011"},{"key":"e_1_2_1_12_1","unstructured":"Keon Jang Sangjin Han Seungyeop Han and KyoungSoo Park. 2015. libgpucrypto. Retrieved from: https:\/\/github.com\/lwakefield\/libgpucrypto."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2016.7446081"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3060403.3060462"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2018.00023"},{"key":"e_1_2_1_16_1","volume-title":"Seminumerical Algorithms","volume":"2","author":"Knuth Donald Ervin","year":"1998"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/0898-1221(95)00153-P"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/646761.706156"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3240765.3240812"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1090\/S0025-5718-1985-0777282-X"},{"key":"e_1_2_1_22_1","volume-title":"Proceedings of the Conference on Cryptography and Coding.","author":"Moss 
Andrew"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3123939.3124538"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243831"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/11605805_1"},{"key":"e_1_2_1_26_1","volume-title":"Analysis of the variable length nonzero window method for exponentiation. Computers & Mathematics with Applications 37, 7 (Apr","author":"Park Heejin","year":"1999"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/359340.359342"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.5555\/648253.752399"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-85053-3_6"},{"key":"e_1_2_1_30_1","volume-title":"Proceedings of the International Telecommunications Network Strategy and Planning Symposium","volume":"9","author":"T\u00f3th R."},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1049\/el:19991230"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-17533-1_31"},{"key":"e_1_2_1_33_1","volume-title":"Proceedings of the USENIX Security Conference","volume":"2014","author":"Yarom Yuval","year":"2014"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53140-2_17"}],"container-title":["ACM Transactions on Architecture and Code 
Optimization"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3341729","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3341729","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3341729","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T00:43:24Z","timestamp":1750207404000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3341729"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,8,13]]},"references-count":33,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2019,9,30]]}},"alternative-id":["10.1145\/3341729"],"URL":"https:\/\/doi.org\/10.1145\/3341729","relation":{},"ISSN":["1544-3566","1544-3973"],"issn-type":[{"value":"1544-3566","type":"print"},{"value":"1544-3973","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,8,13]]},"assertion":[{"value":"2019-01-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-06-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-08-13","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}