Resistance to Timing Attacks for Sampling and Privacy Preserving Schemes

Authors Yoav Ben Dov, Liron David , Moni Naor , Elad Tzalik

Thumbnail PDF


  • Filesize: 0.81 MB
  • 23 pages

Document Identifiers

Author Details

Yoav Ben Dov
  • Weizmann Institute of Science, Rehovot, Israel
Liron David
  • Weizmann Institute of Science, Rehovot, Israel
Moni Naor
  • Weizmann Institute of Science, Rehovot, Israel
Elad Tzalik
  • Weizmann Institute of Science, Rehovot, Israel

Cite AsGet BibTex

Yoav Ben Dov, Liron David, Moni Naor, and Elad Tzalik. Resistance to Timing Attacks for Sampling and Privacy Preserving Schemes. In 4th Symposium on Foundations of Responsible Computing (FORC 2023). Leibniz International Proceedings in Informatics (LIPIcs), Volume 256, pp. 11:1-11:23, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2023)


Side channel attacks, and in particular timing attacks, are a fundamental obstacle for secure implementation of algorithms and cryptographic protocols. These attacks and countermeasures have been widely researched for decades. We offer a new perspective on resistance to timing attacks. We focus on sampling algorithms and their application to differential privacy. We define sampling algorithms that do not reveal information about the sampled output through their running time. More specifically: (1) We characterize the distributions that can be sampled from in a "time oblivious" way, meaning that the running time does not leak any information about the output. We provide an optimal algorithm in terms of randomness used to sample for these distributions. We give an example of an efficient randomized algorithm 𝒜 such that there is no subexponential algorithm with the same output as 𝒜 that does not reveal information on the output or the input, therefore we show leaking information on either the input or the output is unavoidable. (2) We consider the impact of timing attacks on (pure) differential privacy mechanisms. It turns out that if the range of the mechanism is unbounded, such as counting, then any time oblivious pure DP mechanism must give a useless output with constant probability (the constant is mechanism dependent) and must have infinite expected running time. We show that up to this limitations it is possible to transform any pure DP mechanism into a time oblivious one.

Subject Classification

ACM Subject Classification
  • Mathematics of computing → Random number generation
  • Theory of computation → Cryptographic primitives
  • Theory of computation → Generating random combinatorial structures
  • Differential Privacy


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. Marc Andrysco, David Kohlbrenner, Keaton Mowery, Ranjit Jhala, Sorin Lerner, and Hovav Shacham. On subnormal floating point and abnormal timing. In 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015, pages 623-639. IEEE Computer Society, 2015. URL:
  2. Victor Balcer and Salil P. Vadhan. Differential privacy on finite computers. In Anna R. Karlin, editor, 9th Innovations in Theoretical Computer Science Conference, ITCS 2018, January 11-14, 2018, Cambridge, MA, USA, volume 94 of LIPIcs, pages 43:1-43:21. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2018. URL:
  3. Jonathan Bootle, Claire Delaplace, Thomas Espitau, Pierre-Alain Fouque, and Mehdi Tibouchi. LWE without modular reduction and improved side-channel attacks against BLISS. In Advances in Cryptology - ASIACRYPT 2018, Brisbane, QLD, Australia, December 2-6, 2018, Proceedings, Part I, volume 11272 of Lecture Notes in Computer Science, pages 494-524. Springer, 2018. URL:
  4. David Chaum. Blind signatures for untraceable payments. In David Chaum, Ronald L. Rivest, and Alan T. Sherman, editors, Advances in Cryptology: Proceedings of CRYPTO '82, Santa Barbara, California, USA, August 23-25, 1982, pages 199-203. Plenum Press, New York, 1982. URL:
  5. Luc Devroye. Non-Uniform Random Variate Generation. Springer, 1986. URL:
  6. Yoav Ben Dov, Liron David, Moni Naor, and Elad Tzalik. Resistance to timing attacks revisited: Protecting the keys. Technical report, Weizmann Institute of Science, Rehovot, 2023. Google Scholar
  7. Léo Ducas, Alain Durmus, Tancrède Lepoint, and Vadim Lyubashevsky. Lattice signatures and bimodal gaussians. In Ran Canetti and Juan A. Garay, editors, Advances in Cryptology - CRYPTO 2013. Proceedings, Part I, volume 8042 of Lecture Notes in Computer Science, pages 40-56. Springer, 2013. URL:
  8. Cynthia Dwork, Krishnaram Kenthapadi, Frank McSherry, Ilya Mironov, and Moni Naor. Our data, ourselves: Privacy via distributed noise generation. In Advances in Cryptology - EUROCRYPT 2006, St. Petersburg, Russia, May 28 - June 1, 2006, Proceedings, volume 4004 of Lecture Notes in Computer Science, pages 486-503. Springer, 2006. URL:
  9. Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam D. Smith. Calibrating noise to sensitivity in private data analysis. In Theory of Cryptography, Third Theory of Cryptography Conference, TCC 2006, New York, NY, USA, March 4-7, 2006, Proceedings, volume 3876 of Lecture Notes in Computer Science, pages 265-284. Springer, 2006. URL:
  10. Cynthia Dwork and Aaron Roth. The algorithmic foundations of differential privacy. Found. Trends Theor. Comput. Sci., 9(3-4):211-407, 2014. URL:
  11. Thomas Espitau, Pierre-Alain Fouque, Benoît Gérard, and Mehdi Tibouchi. Side-channel attacks on BLISS lattice-based signatures: Exploiting branch tracing against strongswan and electromagnetic emanations in microcontrollers. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017, pages 1857-1874. ACM, 2017. URL:
  12. David Feldman, Russell Impagliazzo, Moni Naor, Noam Nisan, Steven Rudich, and Adi Shamir. On dice and coins: Models of computation for random generation. Inf. Comput., 104(2):159-174, 1993. URL:
  13. Christina Ilvento. Implementing the exponential mechanism with base-2 differential privacy. In CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security, November 9-13, 2020, pages 717-742. ACM, 2020. URL:
  14. Yuval Ishai, Amit Sahai, and David A. Wagner. Private circuits: Securing hardware against probing attacks. In Dan Boneh, editor, Advances in Cryptology - CRYPTO 2003 Proceedings, volume 2729 of Lecture Notes in Computer Science, pages 463-481. Springer, 2003. URL:
  15. Mark Jerrum, Leslie G. Valiant, and Vijay V. Vazirani. Random generation of combinatorial structures from a uniform distribution. Theor. Comput. Sci., 43:169-188, 1986. URL:
  16. Yael Tauman Kalai and Leonid Reyzin. A survey of leakage-resilient cryptography. In Oded Goldreich, editor, Providing Sound Foundations for Cryptography: On the Work of Shafi Goldwasser and Silvio Micali, pages 727-794. ACM, 2019. URL:
  17. Richard M. Karp and Michael Luby. Monte-carlo algorithms for enumeration and reliability problems. In 24th Annual Symposium on Foundations of Computer Science, Tucson, Arizona, USA, 7-9 November 1983, pages 56-64. IEEE Computer Society, 1983. URL:
  18. Richard M. Karp, Michael Luby, and Neal Madras. Monte-carlo approximation algorithms for enumeration problems. J. Algorithms, 10(3):429-448, 1989. URL:
  19. Donald E. Knuth and Andrew C. Yao. The complexity of nonuniform random number generation. Algorithms and Complexity: New Directions and Recent Results, edited by J.F.Traub, 1976. Google Scholar
  20. Paul C. Kocher. Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems. In Advances in Cryptology - CRYPTO '96, Santa Barbara, California, USA, August 18-22, 1996, Proceedings, volume 1109 of Lecture Notes in Computer Science, pages 104-113. Springer, 1996. URL:
  21. Richard J. Lipton and Jeffrey F. Naughton. Clocked adversaries for hashing. Algorithmica, 9(3):239-252, 1993. URL:
  22. Ilya Mironov. On significance of the least significant bits for differential privacy. In the ACM Conference on Computer and Communications Security, CCS'12, Raleigh, NC, USA, October 16-18, 2012, pages 650-661. ACM, 2012. URL:
  23. Gerald Tenenbaum. Introduction to analytic and probabilistic number theory, volume 163 of Graduate Studies in Mathematics. American Mathematical Society, Providence, Rhode Island, third edition. edition, 2015. Google Scholar
  24. Yingchen Wang, Riccardo Paccagnella, Elizabeth Tang He, Hovav Shacham, Christopher W Fletcher, and David Kohlbrenner. Hertzbleed: Turning power side-channel attacks into remote timing attacks on x86. In Usenix Security '22: 31st USENIX Security Symposium 2022, pages 679-697. Usenix, 2022. Google Scholar