At first glance the news that German security researchers have managed to uncover a new method of breaking RSA public-key encryption using a side channel attack concept known as Simple Branch Prediction Analysis might sound awful worrying. More so seeing as it is said to be particularly effective in the realm of digital rights management software. Doubly more so with knobs on as the code breaking in question can be done using readily available consumer PCs rather than ultra expensive and dedicated kit.
Branch Prediction Analysis itself is nothing new of course, it is the addition of the ‘Simple’ bit that changes things. Instead of having to execute numerous attempts in order to obtain meaningful information, in this case collecting the secret bits in the RSA signing operation by monitoring the physical states of the CPU itself, it can collect that data in a single pass and manages to bypass the OpenSSL protection against just this kind of attack.