RE: ECC and timing attacks

Lucky Green (shamrock@netcom.com)
Fri, 9 Oct 1998 23:52:14 -0700

• Next message: Ben Laurie: "Re: ECC and timing attacks"
• Previous message: Lucky Green: "RE: ECC and timing attacks"
• In reply to: Tim Dierks: "Re: ECC and timing attacks"
• Next in thread: Ben Laurie: "Re: ECC and timing attacks"
• Reply: Ben Laurie: "Re: ECC and timing attacks"

[Thanks for explaining a timing attack on ECC].

> The server can defeat the attack by using the following
> algorithm:
>
> Assume the server's secret key is the integer e, and the
> attackers elliptic point is K
>
> >From time to time the server calulates a random secret
> elliptic point R, and calculates Q=eR
>
> Then instead of calculating eK in order to decrypt the
> message, the server calculates
>
> e(K-R) + Q

It is not clear to me how this method would defend against timing attacks.
As far as I can discern, all this method does is add random noise to the
timing data. Random noise can be subtracted from the information, leaving
only the information. Simply put, you would just need more samples to
perform a timing attack.

What am I missing?

Thanks,
--Lucky

• Next message: Ben Laurie: "Re: ECC and timing attacks"
• Previous message: Lucky Green: "RE: ECC and timing attacks"
• In reply to: Tim Dierks: "Re: ECC and timing attacks"
• Next in thread: Ben Laurie: "Re: ECC and timing attacks"
• Reply: Ben Laurie: "Re: ECC and timing attacks"