So far I have researched on timing attack on RSA, We all know the ransomware nam

Question

So far I have researched on timing attack on RSA, We all know the ransomware named Cryptolocker it uses RSA 2048 bit encryption. Now is it possible to break the encryption using timing attack. I have been gathering information about cryptolocker, Its a ransomware which encrypts files in the system with RSA 2048 bits encryption and asks for ransom to release the private key stored in the server and decrypt the files infected. As it is a 2048 bit encryption it is not possible to break the key, however with sidechannel attack researchers have attacked even 4096 bit RSA encryption. Timing attack is a side channel attack. So my question is, is it possible to attack the cyber criminal's server by performing a timing attack?

Explanation / Answer

No, it's not possible to recover the private RSA key; not with a timing attack, not with a debugger, not with any technical means. There isn't enough information on the victim's computer.

The timing attack you describe requires timing the decryption operation, which could reveal the decryption key. But the malware isn't ever decrypting anything, it's just encrypting the victim's data. The malware doesn't ever have the decryption key until after you pay the ransom.

All a timing attack could tell you about RSA keys during encryption is the encryption key, but that's just the public key that your machine's virus retrieves from their server. The whole point of asymmetric encryption security is to separate encryption secrets from decryption secrets.

Related Questions

Navigate

• Browse (All)
• Browse S
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.