1995-12-12 - Re: Timing Cryptanalysis Attack

Header Data

From: Jim Gillogly <jim@acm.org>
To: cypherpunks@toad.com
Message Hash: f7bd7f7e9fb13e923bfa5efa1efd15d66e873e465ba0215b1101ad411a8954d7
Message ID: <199512111920.LAA24338@mycroft.rand.org>
Reply To: <0kn1kjCMc50e02ivZP@nsb.fv.com>
UTC Datetime: 1995-12-12 21:54:04 UTC
Raw Date: Wed, 13 Dec 1995 05:54:04 +0800

Raw message

From: Jim Gillogly <jim@acm.org>
Date: Wed, 13 Dec 1995 05:54:04 +0800
To: cypherpunks@toad.com
Subject: Re: Timing Cryptanalysis Attack
In-Reply-To: <0kn1kjCMc50e02ivZP@nsb.fv.com>
Message-ID: <199512111920.LAA24338@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



> Nathaniel Borenstein <nsb@nsb.fv.com> writes:
> Hey, don't go for constant time, that's too hard to get perfect.  Add a
> *random* delay.  This particular crypto-flaw is pretty easy to fix. 
> (See, I'm not *always* arguing the downside of cryptography!)

Random delay may be harder to get perfect than constant time.  Note that
the actual time for the transaction is the minimum of all the transaction
times you measure, since you can't add a negative delay to them.  It's
presumably even easier if the random distribution is known.  Adding a
random delay means more transactions are required to find each new bit,
but information is still leaking.

> It is worth noting, however, the extent to which "secure" cryptographic
> protocols keep needing to get fixed one last time....  -- Nathaniel

Amen...

	Jim Gillogly
	Trewesday, 21 Foreyule S.R. 1995, 19:16
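
Added example, not part of the original message: a small simulation of the point made in the reply, that a non-negative random delay leaves the true time recoverable as the minimum of repeated measurements, while holding every reply to a fixed deadline does not. The timings, jitter range and function names are constructed for illustration.

```python
import random

# Constructed model (assumed values, arbitrary time units): the operation
# takes slightly longer on one secret-dependent path than on the other.
TRUE_TIME = {0: 1000, 1: 1010}
MAX_JITTER = 500     # random delay drawn uniformly from [0, MAX_JITTER]
DEADLINE = 2000      # fixed response time, chosen above the worst case


def observe_random_delay(bit, rng):
    """Response time when a random, non-negative delay is added."""
    return TRUE_TIME[bit] + rng.randint(0, MAX_JITTER)


def observe_padded(bit, rng):
    """Response time when every reply is held until a fixed deadline."""
    return max(TRUE_TIME[bit], DEADLINE)


def min_estimate(observe, bit, samples, rng):
    """Smallest of many measurements: the delay can only ever add time,
    so the minimum converges on the undelayed time."""
    return min(observe(bit, rng) for _ in range(samples))


def gap_after(observe, samples, seed=1995):
    """Difference between the two paths' minimum observed times."""
    rng = random.Random(seed)
    slow = min_estimate(observe, 1, samples, rng)
    fast = min_estimate(observe, 0, samples, rng)
    return slow - fast


if __name__ == "__main__":
    print("samples  random-delay gap  fixed-deadline gap")
    for n in (1, 10, 100, 20000):
        print(f"{n:7d}  {gap_after(observe_random_delay, n):16d}"
              f"  {gap_after(observe_padded, n):18d}")
```

With few samples the gap is noise; with enough samples it settles at the real 10-unit difference, which is the "more transactions are required, but information is still leaking" behaviour.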




