1996-01-16 - Eggs, or, To Get Some Entropy You Gotta Break Some Eggs…
Header Data
From: tcmay@got.net (Timothy C. May)
To: cypherpunks@toad.com
Message Hash: 009c97e6f6f0227b46e2381681d1656f867d6e063ed1a5e3e6a6399e67c3551c
Message ID: <ad204f3303021004cb22@[205.199.118.202]>
Reply To: N/A
UTC Datetime: 1996-01-16 02:41:08 UTC
Raw Date: Mon, 15 Jan 96 18:41:08 PST
Raw message
From: tcmay@got.net (Timothy C. May)
Date: Mon, 15 Jan 96 18:41:08 PST
To: cypherpunks@toad.com
Subject: Eggs, or, To Get Some Entropy You Gotta Break Some Eggs...
Message-ID: <ad204f3303021004cb22@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain
(Amazing that a discussion of eggs could come back to crypto...)
At 2:17 AM 1/16/96, Rich Graves wrote:
>Kind of analogous to an engineer like Paul Kocher taking a hard look at
>crypto systems that had only been analyzed by pure mathematicians. You
>need to feed the sniffers real entropy, not just highly evolved math.
I keep thinking of different ways of looking at Kocher's timing attack.
(Paul Kocher gave a nice talk at the Bay Area Cypherpunks meeting on Saturday.)
Rich's point above suggests yet another way of looking at this: that a chip
or algorithm that can be "instrumented" (timing measured) is in some sense
too predictable. The chip itself lacks sufficient entropy.
(Before the purists, especially those who've read the paper closely, jump
on me here, I'm not saying adding random delays is the best way to deter
the attack. In fact, a variation of blinding is the best approach it seems.
(Though blinding does not affect attacks which monitor the crypto chip's or
CPU's power dissipation.))
My point, or this angle on it, is that to some extent the mechanistic
nature of the encryption process (such as Diffie-Hellman) can leak
information to an attacker who can watch the mechanistic process unfolding.
This is a result which is not surprising, in retrospect.
--Tim May
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
Thread
Return to January 1996
Return to “tcmay@got.net (Timothy C. May)”
1996-01-16 (Mon, 15 Jan 96 18:41:08 PST) - Eggs, or, To Get Some Entropy You Gotta Break Some Eggs… - tcmay@got.net (Timothy C. May)