1995-12-13 - Re: Timing Cryptanalysis Attack

Header Data

From: Peter Monta <pmonta@qualcomm.com>
To: cypherpunks@toad.com
Message Hash: 24c0e9b61ffac4cda2dedfec281cb8d50ec40e8d719e034f7be2c455972a40f8
Message ID: <199512112111.NAA02653@mage.qualcomm.com>
Reply To: N/A
UTC Datetime: 1995-12-13 03:33:21 UTC
Raw Date: Wed, 13 Dec 1995 11:33:21 +0800

Raw message

From: Peter Monta <pmonta@qualcomm.com>
Date: Wed, 13 Dec 1995 11:33:21 +0800
To: cypherpunks@toad.com
Subject: Re: Timing Cryptanalysis Attack
Message-ID: <199512112111.NAA02653@mage.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


Kocher says this about padding to constant time:

> ... If a timer is used to delay returning results until a pre-specified
> time, attackers may be able to monitor other aspects of the system
> performance to determine when the cryptographic computation completes.

Perhaps, but an attack would be much more difficult if the monitoring must
be done outside the host doing the computation (viewing a router from
the outside, say, as Eric Young alludes to), since the scope for covert
channels is much reduced.

Peter Monta
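
The timer padding Kocher describes in the quoted passage, sketched as an added example that is not part of the original message. The names `pad_to_deadline`, `FakeClock` and `observe`, the 50 ms budget and the running times are assumptions made up for illustration. It shows that the remote caller sees one constant latency, while the moment the computation actually finishes still varies inside the host.

```python
import time

class DeadlineOverrun(Exception):
    """The computation outlasted the budget, so padding cannot hide its duration."""

def pad_to_deadline(op, budget, clock=time.monotonic, sleep=time.sleep):
    """Run op(), then hold the result until `budget` time units after the start.

    Returns (result, busy); `busy` is how long the computation itself ran, which
    an observer on the same host may still infer from other aspects of system
    performance.
    """
    start = clock()
    result = op()
    busy = clock() - start
    if busy > budget:
        # The budget must cover the worst case; an overrun is itself a timing signal.
        raise DeadlineOverrun(f"ran {busy}, budget {budget}")
    sleep(budget - busy)
    return result, busy

class FakeClock:
    """Deterministic clock in integer milliseconds, so the demo is host-independent."""
    def __init__(self):
        self.now = 0
    def __call__(self):
        return self.now
    def advance(self, ms):
        self.now += ms

def observe(durations_ms, budget_ms=50):
    """Return [(latency seen by the remote caller, busy time inside the host), ...]."""
    clock = FakeClock()
    seen = []
    for d in durations_ms:
        sent = clock()
        _, busy = pad_to_deadline(lambda: clock.advance(d), budget_ms,
                                  clock=clock, sleep=clock.advance)
        seen.append((clock() - sent, busy))
    return seen

if __name__ == "__main__":
    # Constructed, key-dependent running times for three private-key operations.
    for latency, busy in observe([12, 19, 27]):
        print(f"remote latency {latency} ms, on-host busy time {busy} ms")
```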





