GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers
Boru Chen, Yingchen Wang, Pradyumna Shome, Christopher Fletcher, David Kohlbrenner, Riccardo Paccagnella, Daniel Genkin
33rd USENIX Security Symposium · Day 1 · USENIX Security '24
The talk "GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers" presents a hardware side channel that undermines the security guarantees of **constant-time programming** on Apple M-series CPUs. Presented at USENIX Security '24, the work targets the **Data Memory-Dependent Prefetcher (DMP)**, a microarchitectural feature that inspects data as it is loaded from memory, treats values that look like pointers as addresses, and prefetches the memory they point to. Constant-time code is written so that neither its control flow nor its memory addresses depend on secrets, on the assumption that the data values themselves do not leak; the DMP breaks that assumption by turning a secret-dependent data value into a secret-dependent memory access whose effect on the cache can be measured. The consequence is that code explicitly designed to have no secret-dependent timing can still leak its keys on hardware with such a prefetcher, which calls into question the long-held assumption that constant-time software practices alone are sufficient to thwart **timing attacks**.
AI review
This research from USENIX Security '24 shows that the Data Memory-Dependent Prefetcher (DMP) in Apple M-series CPUs undermines constant-time cryptographic implementations. By reverse engineering the conditions under which the prefetcher activates and crafting chosen inputs that make intermediate values in the victim's computation look like pointers only when a guess about the secret is correct, GoFetch extracts keys from both classical and post-quantum implementations. The practical lesson is that constant-time software alone is insufficient on hardware whose prefetcher dereferences data values: cryptographic code cannot assume that only branches and addresses are observable, and hardware and software security have to be designed together.