From: frantz@netcom.com (Bill Frantz)
Date: Thu, 14 Dec 1995 03:42:43 +0800
To: "Josh M. Osborne" <pmonta@qualcomm.com>
Subject: Re: Timing Cryptanalysis Attack
Message-ID: <199512131812.KAA25397@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:30 12/13/95 -0500, Josh M. Osborne wrote:
>In message <199512120056.QAA16055@mage.qualcomm.com>, Peter Monta writes:
>>> Of course, this works against a remote adversary, but not against one
>>> on the same machine who can look at actual CPU consumption (which doesn't
>>> increase when the target is blocked).
>>
>>Maybe this is a good reason to spinwait, rather than sleep, until
>>the timer expires.  It would be pretty subtle to distinguish that
>>from "real" computation.
>
>Across a net it should be hard.  On the same CPU it may be easy.  Some
>CPUs with hardware branch prediction keep track of how many branches were
>correctly and incorrectly predected.  These registers are not allways
>protected, and not allways "made virtual" by the OS.

Of course you can spend the time doing exponentiation of random
(pseudorandom would probably do) numbers, and when the timer pops, longjump
out to return your answer.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA