Ib pab neeg tshawb fawb los ntawm University of Texas, University of Illinois, thiab University of Washington tau tshaj tawm cov ntaub ntawv hais txog tsev neeg tshiab ntawm kev tawm tsam sab-channel (CVE-2022-23823, CVE-2022-24436), codenamed Hertzbleed. Txoj kev npaj tawm tsam yog ua raws li cov yam ntxwv ntawm kev tswj hwm zaus hauv cov txheej txheem niaj hnub no thiab cuam tshuam rau txhua qhov tam sim no Intel thiab AMD CPUs. Muaj peev xwm, qhov teeb meem kuj tuaj yeem tshwm sim nws tus kheej hauv cov txheej txheem los ntawm lwm cov tuam txhab uas txhawb kev hloov pauv hloov pauv, piv txwv li, hauv ARM systems, tab sis txoj kev tshawb no txwv rau kev sim Intel thiab AMD chips. Cov ntawv sau nrog rau kev siv txoj kev tawm tsam tau tshaj tawm ntawm GitHub (qhov kev siv tau sim ntawm lub computer nrog Intel i7-9700 CPU).
Txhawm rau txhim kho lub zog siv hluav taws xob thiab tiv thaiv kom tsis txhob muaj cua sov, cov txheej txheem hloov pauv hloov qhov zaus nyob ntawm qhov kev thauj khoom, uas ua rau muaj kev hloov pauv hauv kev ua haujlwm thiab cuam tshuam rau lub sijhawm ua haujlwm ntawm kev ua haujlwm (kev hloov pauv zaus los ntawm 1 Hz ua rau muaj kev hloov pauv hauv kev ua haujlwm los ntawm 1 lub voj voog ib zaug. thib ob). Thaum lub sij hawm txoj kev tshawb no, nws tau pom tias nyob rau hauv tej yam kev mob ntawm AMD thiab Intel processors, qhov kev hloov nyob rau hauv zaus ncaj qha correlates nrog cov ntaub ntawv uas tau ua tiav, uas, piv txwv li, ua rau lub fact tias lub sij hawm xam ntawm cov hauj lwm "2022 + 23823" thiab "2022 + 24436" yuav txawv. Raws li kev txheeb xyuas qhov sib txawv ntawm lub sijhawm ua haujlwm ntawm kev ua haujlwm nrog cov ntaub ntawv sib txawv, nws muaj peev xwm ua kom rov qab tsis ncaj rau cov ntaub ntawv siv hauv kev suav. Nyob rau tib lub sijhawm, nyob rau hauv kev sib txuas ceev ceev nrog kev kwv yees tsis tu ncua, kev tawm tsam tuaj yeem nqa tawm los ntawm kev kwv yees lub sijhawm ua tiav ntawm kev thov.
Yog tias qhov kev tawm tsam ua tiav, cov teeb meem uas tau txheeb xyuas ua rau nws muaj peev xwm txiav txim siab tus yuam sij ntiag tug raws li kev txheeb xyuas lub sijhawm suav hauv cov tsev qiv ntawv cryptographic uas siv cov algorithms uas cov lej suav yeej ib txwm ua nyob rau lub sijhawm tas li, tsis hais qhov xwm txheej ntawm cov ntaub ntawv raug ua tiav. . Cov tsev qiv ntawv zoo li no tau pom tias muaj kev tiv thaiv los ntawm kev tawm tsam sab nraud, tab sis raws li nws tau muab tawm, lub sijhawm suav suav tsis yog tsuas yog los ntawm algorithm, tab sis kuj los ntawm cov yam ntxwv ntawm lub processor.
Raws li qhov ua piv txwv qhia txog qhov ua tau ntawm kev siv txoj kev npaj, kev tawm tsam ntawm kev siv SIKE (Supersingular Isogeny Key Encapsulation) qhov tseem ceeb encapsulation mechanism tau pom, uas tau suav nrog hauv qhov kawg ntawm kev sib tw tom qab quantum cryptosystems tuav los ntawm Asmeskas National Institute of Standards and Technology (NIST), thiab yog positioned raws li kev tiv thaiv los ntawm sab channel tawm tsam. Thaum lub sijhawm sim, siv qhov hloov pauv tshiab ntawm kev tawm tsam raws li kev xaiv ciphertext (kev xaiv maj mam raws li kev tswj hwm ntawm ciphertext thiab tau txais nws cov decryption), nws muaj peev xwm rov qab tau tag nrho cov yuam sij siv rau encryption los ntawm kev ntsuas los ntawm cov chaw taws teeb, txawm tias kev siv SIKE kev siv nrog lub sijhawm suav tas li. Kev txiav txim siab tus yuam sij 364-ntsis siv qhov kev siv CIRCL siv sijhawm 36 teev, thiab PQCrypto-SIDH siv sijhawm 89 teev.
Intel thiab AMD tau lees paub qhov tsis zoo ntawm lawv cov txheej txheem rau qhov teeb meem, tab sis tsis npaj los thaiv qhov tsis zoo los ntawm kev hloov kho microcode, vim nws yuav tsis tuaj yeem tshem tawm qhov tsis zoo ntawm cov khoom siv kho vajtse yam tsis muaj kev cuam tshuam loj rau kev ua haujlwm kho vajtse. Hloov chaw, cov neeg tsim khoom ntawm cov tsev qiv ntawv cryptographic tau txais cov lus pom zoo yuav ua li cas txhawm rau thaiv cov ntaub ntawv tawm thaum ua kev suav tsis pub lwm tus paub. Cloudflare thiab Microsoft twb tau ntxiv kev tiv thaiv zoo sib xws rau lawv cov kev siv SIKE, uas tau ua rau 5% kev ua tau zoo rau CIRCL thiab 11% kev ua haujlwm ntaus rau PQCrypto-SIDH. Lwm qhov kev daws teeb meem rau kev thaiv qhov tsis zoo yog txhawm rau lov tes taw Turbo Boost, Turbo Core, lossis Precision Boost hom hauv BIOS lossis tus neeg tsav tsheb, tab sis qhov kev hloov pauv no yuav ua rau muaj kev poob qis hauv kev ua haujlwm.
Intel, Cloudflare thiab Microsoft tau ceeb toom txog qhov teeb meem nyob rau lub quarter thib peb ntawm 2021, thiab AMD hauv thawj peb lub hlis twg ntawm 2022, tab sis kev tshaj tawm pej xeem ntawm qhov teeb meem tau ncua mus txog rau lub Rau Hli 14, 2022 ntawm Intel qhov kev thov. Lub xub ntiag ntawm qhov teeb meem tau lees paub hauv desktop thiab laptop processors raws li 8-11 tiam ntawm Intel Core microarchitecture, nrog rau ntau yam desktop, mobile thiab server processors AMD Ryzen, Athlon, A-Series thiab EPYC (cov kws tshawb fawb tau qhia txog txoj hauv kev. ntawm Ryzen CPUs nrog Zen microarchitecture 2 thiab Zen 3).
Tau qhov twg los: opennet.ru