Home/ Questions/Q 7048965
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T02:57:19+00:00

I was wondering about a strange idea: you are given and algorithm wich takes

  • 0

I was wondering about a strange idea: you are given and algorithm wich takes a string in input and compares it to a string that you don’t know. The algoritm is just a trivial comparison, one char at a time. When a couple that doesn’t match is found, 0 is returned. Otherwise it returns 1.

Can you guess the secret string in a polynomial time by using the provided algorithm?

When a string doesn’t match, the time used to give the answer 0 is less than the time taken to return 1, because less comparisons are needed. Times involved are very small, and for this reason you can try a single instance many times to get a more accurate estimation. Estimating the time taken we could have informations about the secret string. If this works properly, we can guess the string one char at a time, in a polynomial time. So if this can happen we can try some kind of brute force attack char by char.

Does this make sense? Or is there something I’m misunderstanding?

Thanks in advance.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can guess the secret string if you can can input your own strings to compare, or just observe enough strings (not chosen by you) being compared to the secret string, if the string comparison has been written in a way such that its execution time reveals information about the secret string.

    This is a known weakness cryptographic software can have, and all serious cryptographic software written nowadays avoids this weakness.

    For instance, to avoid revealing information about its arguments, a function that tests whether two buffers are the same or different may be written:

    int crypto_memcmp(const char *s1, const char *s2, size_t n)
{
  size_t i;
  int answer;
  for (i=0; i<n; i++)
    answer = answer | (s1[i] != s2[i]);
  return answer;
}

    You can use several techniques to check that a piece of code does not leak secrets through timing attacks. I wrote how to do it with static analysis here but this is based on a previous idea that used Valgrind (dynamic analysis) here.

    Note that it goes further than that. This article showed how you did not even need the execution path to depend on the secret to leak information. It was enough that the secret was used in the computation of some array indices that were subsequently accessed. On modern computers, this changes the execution time because the cache will make two successive accesses to similar indices faster than two successive accesses to indices that are far from each other, revealing information about the secret.

    • 0