Re: ECC and timing attacks

James A. Donald (jamesd@echeque.com)
Sat, 10 Oct 1998 11:04:37 -0700

• Next message: James A. Donald: "Re: ECC and timing attacks"
• Previous message: Antonomasia: "Re: ECC and timing attacks"
• Maybe in reply to: Lucky Green: "ECC and timing attacks"
• Next in thread: Anonymous: "Re: ECC and timing attacks"

    --
At 01:19 PM 10/10/98 +0100, Antonomasia wrote:
> I know very little about ECC, but wonder if the R and Q
> need to be generated for every calculation of e(K-R) + Q.

No. They need never change for known methods of the timing
attack. Changing them from time to time is merely an extra
layer of security against the unforeseen.

The attacker uses a known and ever changing K to deduce e
from the way in which the time taken to calculate e*K depends
on K.

If he knows neither e nor (K-R) he has nowhere to start his
timing attack.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     99Zp/aaBU4O0/wb4gLUYXhy7B0QMwaKkSpVHX3rn
     49C/8nVS2GWEO05rdp4gyz5wTJRhnOcHC2I42fOY8
-----------------------------------------------------
We have the right to defend ourselves and our property, because
of the kind of animals that we are. True law derives from this
right, not from the arbitrary power of the omnipotent state.

http://www.jim.com/jamesd/      James A. Donald

• Next message: James A. Donald: "Re: ECC and timing attacks"
• Previous message: Antonomasia: "Re: ECC and timing attacks"
• Maybe in reply to: Lucky Green: "ECC and timing attacks"
• Next in thread: Anonymous: "Re: ECC and timing attacks"