{"id":"https://openalex.org/W4384948762","doi":"https://doi.org/10.1109/sp46215.2023.10179450","title":"Jolt: Recovering TLS Signing Keys via Rowhammer Faults","display_name":"Jolt: Recovering TLS Signing Keys via Rowhammer Faults","publication_year":2023,"publication_date":"2023-05-01","ids":{"openalex":"https://openalex.org/W4384948762","doi":"https://doi.org/10.1109/sp46215.2023.10179450"},"language":"en","primary_location":{"id":"doi:10.1109/sp46215.2023.10179450","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179450","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082629614","display_name":"Koksal Mus","orcid":null},"institutions":[{"id":"https://openalex.org/I107077323","display_name":"Worcester Polytechnic Institute","ror":"https://ror.org/05ejpqr48","country_code":"US","type":"education","lineage":["https://openalex.org/I107077323"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Koksal Mus","raw_affiliation_strings":["Worcester Polytechnic Institute,Worcester,MA,USA","Worcester Polytechnic Institute, Worcester, MA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Worcester Polytechnic Institute,Worcester,MA,USA","institution_ids":["https://openalex.org/I107077323"]},{"raw_affiliation_string":"Worcester Polytechnic Institute, Worcester, MA, USA","institution_ids":["https://openalex.org/I107077323"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086897887","display_name":"Yark\u0131n Dor\u00f6z","orcid":"https://orcid.org/0000-0001-6755-6239"},"institutions":[{"id":"https://openalex.org/I107077323","display_name":"Worcester Polytechnic Institute","ror":"https://ror.org/05ejpqr48","country_code":"US","type":"education","lineage":["https://openalex.org/I107077323"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yark\u0131n Dor\u00f6z","raw_affiliation_strings":["Worcester Polytechnic Institute,Worcester,MA,USA","Worcester Polytechnic Institute, Worcester, MA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Worcester Polytechnic Institute,Worcester,MA,USA","institution_ids":["https://openalex.org/I107077323"]},{"raw_affiliation_string":"Worcester Polytechnic Institute, Worcester, MA, USA","institution_ids":["https://openalex.org/I107077323"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041436639","display_name":"M. Caner Tol","orcid":"https://orcid.org/0000-0002-4512-9145"},"institutions":[{"id":"https://openalex.org/I107077323","display_name":"Worcester Polytechnic Institute","ror":"https://ror.org/05ejpqr48","country_code":"US","type":"education","lineage":["https://openalex.org/I107077323"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"M. Caner Tol","raw_affiliation_strings":["Worcester Polytechnic Institute,Worcester,MA,USA","Worcester Polytechnic Institute, Worcester, MA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Worcester Polytechnic Institute,Worcester,MA,USA","institution_ids":["https://openalex.org/I107077323"]},{"raw_affiliation_string":"Worcester Polytechnic Institute, Worcester, MA, USA","institution_ids":["https://openalex.org/I107077323"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102536903","display_name":"Kristi Rahman","orcid":null},"institutions":[{"id":"https://openalex.org/I107077323","display_name":"Worcester Polytechnic Institute","ror":"https://ror.org/05ejpqr48","country_code":"US","type":"education","lineage":["https://openalex.org/I107077323"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kristi Rahman","raw_affiliation_strings":["Worcester Polytechnic Institute,Worcester,MA,USA","Worcester Polytechnic Institute, Worcester, MA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Worcester Polytechnic Institute,Worcester,MA,USA","institution_ids":["https://openalex.org/I107077323"]},{"raw_affiliation_string":"Worcester Polytechnic Institute, Worcester, MA, USA","institution_ids":["https://openalex.org/I107077323"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5066592325","display_name":"Berk Sunar","orcid":"https://orcid.org/0000-0001-5404-5368"},"institutions":[{"id":"https://openalex.org/I107077323","display_name":"Worcester Polytechnic Institute","ror":"https://ror.org/05ejpqr48","country_code":"US","type":"education","lineage":["https://openalex.org/I107077323"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Berk Sunar","raw_affiliation_strings":["Worcester Polytechnic Institute,Worcester,MA,USA","Worcester Polytechnic Institute, Worcester, MA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Worcester Polytechnic Institute,Worcester,MA,USA","institution_ids":["https://openalex.org/I107077323"]},{"raw_affiliation_string":"Worcester Polytechnic Institute, Worcester, MA, USA","institution_ids":["https://openalex.org/I107077323"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.2632,"has_fulltext":false,"cited_by_count":20,"citation_normalized_percentile":{"value":0.93523477,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1719","last_page":"1736"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7457531094551086},{"id":"https://openalex.org/keywords/side-channel-attack","display_name":"Side channel attack","score":0.5899226069450378},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.5792807340621948},{"id":"https://openalex.org/keywords/digital-signature","display_name":"Digital signature","score":0.5461046695709229},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5245100259780884},{"id":"https://openalex.org/keywords/replay-attack","display_name":"Replay attack","score":0.5055389404296875},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5015804767608643},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.48139357566833496},{"id":"https://openalex.org/keywords/handshake","display_name":"Handshake","score":0.4727778434753418},{"id":"https://openalex.org/keywords/cryptographic-protocol","display_name":"Cryptographic protocol","score":0.4667615592479706},{"id":"https://openalex.org/keywords/cryptographic-nonce","display_name":"Cryptographic nonce","score":0.43260663747787476},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.33077701926231384},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.2974298894405365},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.2785876989364624},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.1032208502292633},{"id":"https://openalex.org/keywords/hash-function","display_name":"Hash function","score":0.08748829364776611}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7457531094551086},{"id":"https://openalex.org/C49289754","wikidata":"https://www.wikidata.org/wiki/Q2267081","display_name":"Side channel attack","level":3,"score":0.5899226069450378},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.5792807340621948},{"id":"https://openalex.org/C118463975","wikidata":"https://www.wikidata.org/wiki/Q220849","display_name":"Digital signature","level":3,"score":0.5461046695709229},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5245100259780884},{"id":"https://openalex.org/C11560541","wikidata":"https://www.wikidata.org/wiki/Q1756025","display_name":"Replay attack","level":3,"score":0.5055389404296875},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5015804767608643},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.48139357566833496},{"id":"https://openalex.org/C2778000800","wikidata":"https://www.wikidata.org/wiki/Q830043","display_name":"Handshake","level":3,"score":0.4727778434753418},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.4667615592479706},{"id":"https://openalex.org/C9996903","wikidata":"https://www.wikidata.org/wiki/Q1749235","display_name":"Cryptographic nonce","level":3,"score":0.43260663747787476},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.33077701926231384},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.2974298894405365},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.2785876989364624},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.1032208502292633},{"id":"https://openalex.org/C99138194","wikidata":"https://www.wikidata.org/wiki/Q183427","display_name":"Hash function","level":2,"score":0.08748829364776611},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C151319957","wikidata":"https://www.wikidata.org/wiki/Q752739","display_name":"Asynchronous communication","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sp46215.2023.10179450","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179450","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.5699999928474426}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":59,"referenced_works":["https://openalex.org/W1547036183","https://openalex.org/W1580599221","https://openalex.org/W1586547048","https://openalex.org/W1597555784","https://openalex.org/W2013613544","https://openalex.org/W2058546698","https://openalex.org/W2066425771","https://openalex.org/W2122982257","https://openalex.org/W2125815652","https://openalex.org/W2136635506","https://openalex.org/W2157116240","https://openalex.org/W2161110873","https://openalex.org/W2161740631","https://openalex.org/W2337480911","https://openalex.org/W2398262958","https://openalex.org/W2473598730","https://openalex.org/W2507765405","https://openalex.org/W2522718524","https://openalex.org/W2537014044","https://openalex.org/W2553461292","https://openalex.org/W2585270215","https://openalex.org/W2621279043","https://openalex.org/W2734941459","https://openalex.org/W2814895833","https://openalex.org/W2889929196","https://openalex.org/W2898787455","https://openalex.org/W2943332110","https://openalex.org/W2962726564","https://openalex.org/W2974891422","https://openalex.org/W2986666149","https://openalex.org/W3015685940","https://openalex.org/W3016266693","https://openalex.org/W3046609696","https://openalex.org/W3046859417","https://openalex.org/W3094572750","https://openalex.org/W3095549427","https://openalex.org/W3096664316","https://openalex.org/W3157056325","https://openalex.org/W4206595402","https://openalex.org/W4233459511","https://openalex.org/W4288057800","https://openalex.org/W4299301436","https://openalex.org/W4394595229","https://openalex.org/W6628656099","https://openalex.org/W6684146691","https://openalex.org/W6687973968","https://openalex.org/W6712590282","https://openalex.org/W6720892955","https://openalex.org/W6723169266","https://openalex.org/W6725368715","https://openalex.org/W6732938580","https://openalex.org/W6744009158","https://openalex.org/W6753951102","https://openalex.org/W6755374920","https://openalex.org/W6755850701","https://openalex.org/W6760517015","https://openalex.org/W6769857062","https://openalex.org/W6781541833","https://openalex.org/W6839110983"],"related_works":["https://openalex.org/W4292152333","https://openalex.org/W2765230662","https://openalex.org/W4292153222","https://openalex.org/W199184564","https://openalex.org/W4315630311","https://openalex.org/W1980803971","https://openalex.org/W2594692618","https://openalex.org/W2995980218","https://openalex.org/W2767098552","https://openalex.org/W1544735678"],"abstract_inverted_index":{"Digital":[0],"Signature":[1],"Schemes":[2],"such":[3,19,202,299,307],"as":[4,20,203,300,308],"DSA,":[5],"ECDSA,":[6],"and":[7,23,30,50,181,209,302,310,320],"RSA":[8,29,49,182,244],"are":[9,32,246,272],"widely":[10],"deployed":[11],"to":[12,34,117,153,224,255,279,296],"protect":[13],"the":[14,36,39,45,55,71,97,107,112,126,154,160,174,188,216,314],"integrity":[15],"of":[16,38,57,111,190,228,322],"security":[17,305,326],"protocols":[18,306],"TLS,":[21,26,301],"SSH,":[22],"IPSec.":[24,311],"In":[25],"for":[27,144,236,316],"instance,":[28],"(EC)DSA":[31,51,285],"used":[33],"sign":[35],"state":[37],"agreed":[40],"upon":[41],"protocol":[42,327],"parameters":[43],"during":[44,92],"handshake":[46],"phase.":[47],"Naturally,":[48],"implementations":[52],"have":[53,260],"become":[54],"target":[56,214],"numerous":[58],"attacks,":[59],"including":[60],"powerful":[61],"side-channel":[62],"attacks.":[63],"Hence,":[64],"cryptographic":[65,200,250],"libraries":[66,201],"were":[67],"patched":[68],"repeatedly":[69],"over":[70],"years.Here":[72],"we":[73,101],"introduce":[74],"Jolt,":[75],"a":[76,140,145,229,294,317],"novel":[77],"attack":[78,84,136,158,176],"targeting":[79,195],"signature":[80,93,98],"scheme":[81],"implementations.":[82,328],"Our":[83],"exploits":[85],"faulty":[86,103,142],"signatures":[87,104,143,183,245,286],"gained":[88],"by":[89,192],"injecting":[90],"faults":[91,323],"generation.":[94],"By":[95],"using":[96],"verification":[99],"primitive,":[100],"correct":[102],"and,":[105],"in":[106,125,198,248,325],"process":[108],"deduce":[109],"bits":[110,227],"secret":[113,161],"signing":[114,162,169],"key.":[115],"Compared":[116],"recent":[118],"attacks":[119],"that":[120,128,156,173,242,284],"exploit":[121],"single":[122],"bit":[123],"biases":[124],"nonce":[127],"require":[129],"2":[130,222],"<sup":[131],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[132],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">45</sup>":[133],"signatures,":[134],"our":[135,157,213,280],"requires":[137],"less":[138,220,274],"than":[139,221],"thousand":[141],"256-bit":[146,230],"(EC)DSA.":[147],"The":[148],"performance":[149],"improvement":[150],"is":[151,234],"due":[152],"fact":[155],"targets":[159],"key,":[163,232],"which":[164,233,271],"does":[165],"not":[166],"change":[167],"across":[168],"sessions.":[170],"We":[171,240,259,282],"show":[172],"proposed":[175],"also":[177,261],"works":[178],"on":[179],"Schnorr":[180],"with":[184],"minor":[185],"modifications.We":[186],"demonstrate":[187],"viability":[189],"Jolt":[191],"running":[193],"experiments":[194],"TLS":[196],"handshakes":[197],"common":[199],"WolfSSL,":[204],"OpenSSL,":[205],"Microsoft":[206],"SymCrypt,":[207],"LibreSSL,":[208],"Amazon":[210],"s2n.":[211],"On":[212],"platform,":[215],"online":[217],"phase":[218],"takes":[219],"hours":[223],"recover":[225],"192":[226],"ECDSA":[231],"sufficient":[235],"full":[237],"key":[238],"recovery.":[239],"note":[241],"while":[243],"protected":[247],"popular":[249],"libraries,":[251],"OpenSSL":[252],"remains":[253],"vulnerable":[254,278],"double":[256],"fault":[257],"injection.":[258],"reviewed":[262],"their":[263],"Federal":[264],"Information":[265],"Processing":[266],"Standard":[267],"(FIPS)":[268],"hardened":[269],"versions":[270],"slightly":[273],"efficient":[275],"but":[276],"still":[277],"attack.":[281],"found":[283],"remain":[287],"largely":[288],"unprotected":[289],"against":[290],"software-only":[291],"faults,":[292],"posing":[293],"threat":[295],"real-life":[297],"deployments":[298],"potentially":[303],"other":[304],"SSH":[309],"This":[312],"highlights":[313],"need":[315],"thorough":[318],"review":[319],"implementation":[321],"checking":[324]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":3}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}