33 cal information such as time, sound, power consumption, electromagnetic radiation etc. leaked from the hardware platform during encryption and decryption to reveal the internal states of the algorithm, thus the knowledge of key can be inferred.Cache timing attacks [3] are one category of side channel attacks. The time difference between Cache access and non-Cache access are considered as the leakage source. Typically, a spy process can be used to set the Cache to a known state and monitor the change of the state to gather the information on the Cache accesses of victim process. Since the proposal of Cache timing attack, it has been used to break various public-key cryptography and block cipher, such as RSA [4], DSA [6], El-Gamal [14], AES [7][15][16][17].Existing Cache timing attacks on RSA are divided into two categories. The first category is based on monitoring the specific instructions [5] [8]. The dummy instructions of the spy process precisely maps to the same L1 Cache location with the specific instructions of victim process. In this way, the adversary creates a conflict between dummy instructions and the specific instructions. Therefore, the execution of the specific instructions by the victim can be detected. The other category is based on monitoring the entire L1 Cache [4] [6]. The adversary can fill the entire L1 Cache with Abstract: FLUSH+RELOAD attack is recently proposed as a new type of Cache timing attacks. There are three essential factors in this attack, which are monitored instructions, threshold and waiting interval. However, existing literature seldom exploit how and why they could affect the system. This paper aims to study the impacts of these three parameters, and the method of how to choose optimal values. The complete rules for choosing the monitored instructions based on necessary and sufficient condition are proposed. How to select the optimal threshold based on Bayesian binary signal detection principal is also proposed. Meanwhile, the time sequence model of monitoring is constructed and the calculation of the optimal waiting interval is specified. Extensive experiments are conducted on RSA implemented with binary square-and-multiply algorithm. The results show that the average success rate of full RSA key recovery is 89.67%.