TechEcho

A tech news platform built with Next.js, providing global tech news and discussions.

Flush+Reload side-channel attacks on secp256k1 used in Bitcoin protocol [pdf]

50 points by mukyu about 11 years ago

2 comments

epaga about 11 years ago
Here's a great ELI5 summary by reddit user "underachiever" on the reddit discussion page linked to by p4bl0. Can't vouch for its accuracy, but it at least makes a bit of sense to me:

Basically you run a co-process that invalidates cache lines by evicting them out of the cache. While each process has its own virtual memory, they all share physical memory, and physical memory is mapped to the cache in a lossy fashion (because there is less cache than physical memory). So if you guess that a particular temp variable is on cache line X you can evict it. Now if the algorithm chooses to use that variable based on a bit of the key then you can measure it (the overall operation). So now you know that a particular bit (or bits) of the key is probably that value. The trick is to refine the attack so your evictions are meaningful (e.g. you evict the right data and at the right time).

Where this attack fails practicality:

* It requires the victim to be signing a lot and on demand. That is, the attacker basically forces you to sign things.
* The attacker needs to run an unprivileged task on your machine.

Where it gets weird ...

* The attack can be placed in a completely different VM so long as it runs on the same host processor.
* The attack is unprivileged.
* The only way to prevent the attack is to lock down all other cores and processes while this operation is happening.
Comment #7354071 not loaded
Comment #7354821 not loaded
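The key-dependent branch the summary above describes, placed next to its constant-time alternative, as an added example that is not from the thread or the paper: a toy modular exponentiation stands in for secp256k1 scalar multiplication (same square/double, multiply/add structure), and the constructed counter mult_count shows that the naive loop's work depends on the key's bits while the Montgomery ladder's does not.

```c
#include <stdint.h>

/* Toy group: integers modulo a small prime. The control-flow shape matches
   EC scalar multiplication (square/double, then multiply/add per key bit). */
#define P 1000003ULL

unsigned mult_count;  /* constructed counter: group multiplications in the last call */

static uint64_t mulmod(uint64_t a, uint64_t b) { return (a * b) % P; }

/* Naive square-and-multiply: the extra multiply runs only when the key bit
   is 1, so the code/data touched (and the timing) depends on the key. */
uint64_t pow_leaky(uint64_t g, uint64_t k) {
    uint64_t acc = 1;
    g %= P;
    mult_count = 0;
    for (int i = 63; i >= 0; i--) {
        acc = mulmod(acc, acc);
        if ((k >> i) & 1) {          /* secret-dependent branch */
            acc = mulmod(acc, g);
            mult_count++;
        }
    }
    return acc;
}

/* Branch-free conditional swap: no key-dependent jump or memory address. */
static void cswap(uint64_t *a, uint64_t *b, uint64_t bit) {
    uint64_t mask = (uint64_t)0 - (bit & 1);   /* all ones iff bit == 1 */
    uint64_t t = (*a ^ *b) & mask;
    *a ^= t; *b ^= t;
}

/* Montgomery ladder: one square and one multiply every iteration, on both
   registers, so the operation sequence is the same for every key. */
uint64_t pow_ladder(uint64_t g, uint64_t k) {
    uint64_t r0 = 1, r1 = g % P;   /* invariant: r1 == r0 * g (mod P) */
    mult_count = 0;
    for (int i = 63; i >= 0; i--) {
        uint64_t bit = (k >> i) & 1;
        cswap(&r0, &r1, bit);
        r1 = mulmod(r0, r1);
        r0 = mulmod(r0, r0);
        cswap(&r0, &r1, bit);
        mult_count += 2;
    }
    return r0;
}
```

Both functions return the same value, but only the ladder performs a fixed 128 multiplications regardless of the key; the naive loop does 64 plus the key's Hamming weight, which is the kind of key-dependent behaviour a cache side channel observes.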
p4bl0 about 11 years ago
I posted that earlier but it did not get any traction. I guess I should have added "Bitcoin" in the link title…

Anyway, there are some reactions on the crypto subreddit (https://pay.reddit.com/r/crypto/comments/1zmzto/sidechannel_attack_against_openssls_ecdsa/) and Twitter (https://twitter.com/matthew_d_green/status/441237583725875200).