James A. Donald (jamesd@echeque.com)
Sat, 10 Oct 1998 10:59:09 -0700
--
James A. Donald:
> > The server can defeat the attack by using the following
> > algorithm:
> >
> > Assume the server's secret key is the integer e, and the
> > attacker's elliptic point is K
> >
> > From time to time the server calculates a random secret
> > elliptic point R, and calculates Q=eR
> >
> > Then instead of calculating eK in order to decrypt the
> > message, the server calculates e(K-R) + Q

Lucky Green wrote:
> It is not clear to me how this method would defend against
> timing attacks. As far as I can discern, all this method
> does is add random noise to the timing data.

Discern a little closer. Assume that R and Q never change,
in which case no random noise is added to the timing data,
and yet the timing attack is still defeated.

When I said "from time to time" I actually meant "every time
the server boots up", which of course may be almost never.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
DA65eO0Lg3Bm+t2E26tcEYG/T2Lnb9j8x4kTt+qr
4+eCxgtFmzzEooR6VDpW9nhLEQDpsFjwd6VeWOzQ2
-----------------------------------------------------
We have the right to defend ourselves and our property, because
of the kind of animals that we are. True law derives from this
right, not from the arbitrary power of the omnipotent state.
http://www.jim.com/jamesd/ James A. Donald
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:21