From: frantz@netcom.com (Bill Frantz)
To: “Josh M. Osborne” <pmonta@qualcomm.com>
Message Hash: 16756832ba02a9400b418c44869d834ad47d8eb44af21f0673b884cac63df0d6
Message ID: <199512131812.KAA25397@netcom18.netcom.com>
Reply To: N/A
UTC Datetime: 1995-12-13 19:42:43 UTC
Raw Date: Thu, 14 Dec 1995 03:42:43 +0800
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 14 Dec 1995 03:42:43 +0800
To: "Josh M. Osborne" <pmonta@qualcomm.com>
Subject: Re: Timing Cryptanalysis Attack
Message-ID: <199512131812.KAA25397@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
At 8:30 12/13/95 -0500, Josh M. Osborne wrote:
>In message <199512120056.QAA16055@mage.qualcomm.com>, Peter Monta writes:
>>> Of course, this works against a remote adversary, but not against one
>>> on the same machine who can look at actual CPU consumption (which doesn't
>>> increase when the target is blocked).
>>
>>Maybe this is a good reason to spinwait, rather than sleep, until
>>the timer expires. It would be pretty subtle to distinguish that
>>from "real" computation.
>
>Across a net it should be hard. On the same CPU it may be easy. Some
>CPUs with hardware branch prediction keep track of how many branches were
>correctly and incorrectly predected. These registers are not allways
>protected, and not allways "made virtual" by the OS.
Of course you can spend the time doing exponentiation of random
(pseudorandom would probably do) numbers, and when the timer pops, longjump
out to return your answer.
-----------------------------------------------------------------
Bill Frantz Periwinkle -- Computer Consulting
(408)356-8506 16345 Englewood Ave.
frantz@netcom.com Los Gatos, CA 95032, USA
Return to December 1995
Return to “frantz@netcom.com (Bill Frantz)”
1995-12-13 (Thu, 14 Dec 1995 03:42:43 +0800) - Re: Timing Cryptanalysis Attack - frantz@netcom.com (Bill Frantz)