Relocate-Vote: Using Sparsity Information to Exploit Ciphertext Side-Channels

Confidential computing implementations encrypt guest Virtual Machine (VM) memory to protect workloads from a malicious hypervisor. However, its use of system physical addresses as tweak values causes deterministic encryption for each physical memory address, creating a ciphertext side-channel. To exploit this weakness, we propose Relocate-Vote, a novel primitive that exposes frequency distributions across various memory locations by abusing management commands supported by confidential computing architectures such as SNP_PAGE_MOVE in AMD SEV-SNP. Unlike previous attacks that rely on secret information temporally written into specific locations, Relocate-Vote takes advantage of biases in the distribution of values that applications naturally exhibit, which are preserved under memory encryption with the same tweak values, and uses the spatial distribution of those values to leak sensitive information from confidential VMs. In this work, we demonstrate the generality of this attack primitive by using it to de-randomize Address Space Layout Randomization, extract 3D object data from OpenVDB, and leak token information during sparse LLM inference.