Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:21
Ben Laurie (ben@algroup.co.uk)
Sat, 10 Oct 1998 11:37:17 +0100
Lucky Green wrote:
>
> [Thanks for explaining a timing attack on ECC].
>
> > The server can defeat the attack by using the following
> > algorithm:
> >
> > Assume the server's secret key is the integer e, and the
> > attackers elliptic point is K
> >
> > >From time to time the server calulates a random secret
> > elliptic point R, and calculates Q=eR
> >
> > Then instead of calculating eK in order to decrypt the
> > message, the server calculates
> >
> > e(K-R) + Q
>
> It is not clear to me how this method would defend against timing attacks.
> As far as I can discern, all this method does is add random noise to the
> timing data. Random noise can be subtracted from the information, leaving
> only the information. Simply put, you would just need more samples to
> perform a timing attack.
>
> What am I missing?
Surely from a timing attack you can only calculate K-R. Since you don't
know R, you are then no nearer to knowing K.
Cheers,
Ben.
-- Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org/ and Technical Director|Email: ben@algroup.co.uk | A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/ London, England. |"Apache: TDG" http://www.ora.com/catalog/apache/WE'RE RECRUITING! http://www.aldigital.co.uk/
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:21