This side-channel vulnerability has been assigned CVE-2013-4242 and affects gnupg 1.4.x (fixed
in 1.4.14) and gnupg 2.0.x via libgcrypt (fixed in libgcrypt 1.5.3).
The purpose of this message is two-fold. On the one hand, I wanted to give Pat a heads up
about the security releases though the urgency is somewhat limited given the complexity of
the attack. That said, GnuPG's reason for being is security so any vulnerability is worth
I also want to share a very interesting paper
describing the attack for those who enjoy
reading this kind of material.
One thing which stood out as I read it was the incredible efficacy of the attack. With only a
single signing/encryption round, over 98% of the bits of an RSA private key could be recovered.