timing attacks.

New Message	Reply	About this list	Date view	Thread view	Subject view	Author view

burt rosenberg (burt@passaic.cs.miami.edu)
Tue, 23 Jun 1998 16:39:51 -0400

Next message: Bruce Schneier: "GCHQ discovery of PKC"
Previous message: Bruce Schneier: "Re: WIPO [Was Re: snake oil]"
Next in thread: Mike Rosing: "Re: timing attacks."
Reply: Mike Rosing: "Re: timing attacks."

Kocher's "Timing Attacks on Implementations ..." suggests
as a possible remedy using blinding factors.

Could also the following be used, which might be simpler:

given y, compute y^x (n) by selecting a random splitting
of x as x_1 + x_2 = x (or x + k phi(n) if x is uncomfortably
small) and use the property:

y^x = y^(x_1+x_2) = y^(x_1) y^(x_2) (n)

Assuming the split can be done without leaving a signature
of x in the timing, wouldn't this leave the attacker with
collecting statistics about timings of y^{a random x}?

-burt

Next message: Bruce Schneier: "GCHQ discovery of PKC"
Previous message: Bruce Schneier: "Re: WIPO [Was Re: snake oil]"
Next in thread: Mike Rosing: "Re: timing attacks."
Reply: Mike Rosing: "Re: timing attacks."

New Message	Reply	About this list	Date view	Thread view	Subject view	Author view

All trademarks and copyrights are the property of their respective owners.
Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:18:55 ADT