A timing side-channel attack exploits variations in the execution time of cryptographic algorithms to infer sensitive information, such as encryption keys, by measuring these differences.
This essentially involves leveraging time to understand a cryptographic implementation and then exploiting it to recover the secret.
Let us look into an example of Comparing a Password →
does_it_match(input_pass): good_pass = ‘Abcd!234’for i inrange (strlen(good_pass)):if good_pass[i]!= input_pass[i]:returnFalsereturnTrue
This is a classic example where we can actually conduct a timing side-channel attack. The password is matched one letter at a time. If a letter matches, it proceeds to the next one. Thus, there is a difference in timing between matched and unmatched letters. Comparing these timings can yield significant results. This can be achieved by feeding various inputs into the 'does_it_match' function. We can try different inputs to observe if the execution time remains:
