Welcome to the tenth edition. After a week off enjoying sunny Fuerteventura, I’m back behind the keyboard. Let’s dive right in…
Pesky Maths
If you want to read one article to understand why encryption schemes are fallible, I recommend this excellent piece from MIT Technology Review.
It highlights the often-overlooked fact that nobody has yet proved that one-way functions exist:
"Although mathematicians suspect true one-way functions exist, they have yet to prove it. They haven’t proved that the thorny problems we do use [for cryptography] are impossible, or even extremely impractical, to solve."
It also traces the evolution of cryptography, including the rise of public key crypto in the 1970s and the threat that quantum computers pose to today's schemes.
At 3.5k words, it's about a 15-minute read. But well worth it.
Link to the article: https://www.technologyreview.com/2023/10/19/1081389/unbreakable-encryption-quantum-computers-cryptography-math-problems/
When a Hammer Just Won’t Do
Researchers have discovered a new way to flip bits in RAM, which may lead to future attacks.
The new approach is known as "RowPress", and it circumvents modern RAM defences aimed at preventing bit flips.
These sorts of bit-flipping attacks aim to change memory values that belong to other applications, potentially influencing their behaviour. This can lead to privilege escalation attacks, for example.
The topic gained worldwide attention in 2014 when an attack known as "RowHammer" flipped memory bits by repeatedly activating (opening and closing) neighbouring DRAM rows, many thousands of times within a single refresh interval.
RAM manufacturers have been fighting these sorts of attacks ever since. Unfortunately, the new RowPress approach seems unaffected by modern defences.
RowPress works by holding a DRAM row open for much longer than normal rather than opening and closing it repeatedly, which disturbs the neighbouring rows. It reduces, by an order of magnitude or more, the number of activations ("hammering") required to induce bit flips.
There isn't yet a working exploit, but that is usually only a matter of time after a new flipping approach is discovered. The paper's authors describe a few defences that could be introduced to prevent this attack.
Link to the paper (PDF): https://people.inf.ethz.ch/omutlu/pub/RowPress_isca23.pdf.
Speculation Abound
A new speculative execution attack affects iPads, iPhones and Macs running on Apple's A-series and M-series chips.
The attack targets WebKit-based browsers, which include all browsers on iOS and Safari on MacOS.
As a reminder, speculative execution is an optimisation technique used by most high-performance processors. Instead of stalling until a branch condition (say, a bounds check) has been computed, the processor predicts the outcome and "optimistically" executes down the predicted path. Once the condition resolves, a wrong guess is thrown away and execution resumes on the correct path. The catch is that the discarded work still leaves traces in microarchitectural state such as the cache, and those traces can be measured.
Attackers have figured out how to abuse this functionality to leak secrets. And these sorts of attacks are a nightmare for chip vendors to fight against. You may recall the chaos surrounding the earlier announcements of Spectre and Meltdown in 2018, which targeted popular computer chips from Intel and AMD (among others).
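To make the abuse concrete, here is the classic bounds-check-bypass (Spectre v1) gadget beside a branchless mitigation. This is an added illustration written for this newsletter, not code from the iLeakage paper or from Apple; it shows the shape of the vulnerable code rather than a working side channel. The buffer names, sizes and the 512-byte probe stride are assumptions, and a real attack would additionally need branch training and cache-timing measurement.

```c
#include <stddef.h>
#include <stdint.h>
#include <limits.h>

/* Victim state (constructed for this example). array1 is the only buffer
   the code is meant to read; other data, including secrets, lives beyond
   its end in the same address space. */
#define ARRAY1_SIZE 16
static uint8_t array1[ARRAY1_SIZE] = {
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };

/* Probe array: one 512-byte stride (several cache lines) per possible byte
   value, so which region ends up cached reveals the byte that indexed it. */
#define STRIDE 512
static uint8_t array2[256 * STRIDE];

/* Vulnerable gadget (classic Spectre v1 shape). Architecturally the bounds
   check is correct. Microarchitecturally, once the branch has been trained
   with in-bounds values of x, the CPU predicts "in bounds", speculatively
   loads array1[x] for an out-of-bounds x, and uses that byte to touch
   array2. The mis-speculated result is discarded, but the cache line it
   pulled in stays, and can be timed afterwards. */
uint8_t victim_vulnerable(size_t x)
{
    if (x < ARRAY1_SIZE)
        return array2[array1[x] * STRIDE];
    return 0;
}

/* Branchless clamp in the style of Linux's array_index_nospec(): yields idx
   when idx < size and 0 otherwise, using arithmetic only, so there is no
   branch for the predictor to speculate past. Assumes idx and size are both
   below SIZE_MAX/2 so that the top bit behaves like a sign bit. */
static inline size_t index_nospec(size_t idx, size_t size)
{
    /* size - 1 - idx wraps around (top bit set) exactly when idx >= size. */
    size_t in_bounds =
        (~(idx | (size - 1 - idx))) >> (sizeof(size_t) * CHAR_BIT - 1);
    /* in_bounds is 1 or 0, so the mask is all-ones or all-zeros. */
    return idx & (0 - in_bounds);
}

/* Hardened gadget: even if the branch is mispredicted, the index fed to the
   load has already been clamped, so no out-of-bounds byte can reach array2. */
uint8_t victim_hardened(size_t x)
{
    if (x < ARRAY1_SIZE) {
        x = index_nospec(x, ARRAY1_SIZE);
        return array2[array1[x] * STRIDE];
    }
    return 0;
}
```

The clamp does not remove the branch; it removes the branch's consequences, because whatever the predictor guesses, the only index that can reach the load is one the arithmetic has already forced in bounds. The alternative mitigation is a speculation barrier (`lfence` on x86, `csdb`-style sequences on Arm) after the check, which is simpler but costs a pipeline stall on every execution.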
This new attack is dubbed iLeakage and manages to break the isolation of tabs in WebKit browsers, despite a whole host of defences in Apple chips aimed to prevent this kind of attack.
Fortunately, the attack is limited in effectiveness. Data extraction is very slow, at about 30 bits per second. The example attacks also trigger a suspicious new tab to appear, which an astute user is likely to close.
For the full details, see the links below. As is par for the course these days, the attack has a nice website and logo, full of useful FAQs and whatnot.
Link to the iLeakage website: https://ileakage.com.
Direct link to the paper (PDF): https://ileakage.com/files/ileakage.pdf.
Remove Your Tin Foil Hats
Many cryptographic algorithms use fixed parameter sets provided by governmental agencies. But is this safe?
One example is ECDSA, which is typically used with curves defined by NIST, such as P-256. Cryptocurrencies depend on fixed curves too: Bitcoin uses secp256k1, a curve standardised by SECG (Certicom) rather than NIST, but still a published, fixed parameter set that nobody chooses for themselves.
The tin foil hat brigade might panic at such levels of government oversight. But fortunately, this is an entirely sensible thing to do.
In a recent blog post, Filippo Valsorda (former Cloudflare and Google crypto lead) explains why this is a much safer approach than using custom parameters.
Link to post: https://words.filippo.io/dispatches/parameters/.