From: “Perry E. Metzger” <perry@piermont.com>
To: Tom Weinstein <tomw@netscape.com>
Message Hash: 4a92c5cba4ff0be9a90b92c53787fc11c23ccf35e01eb324ca1ebc054da8bc85
Message ID: <199512111815.NAA02202@jekyll.piermont.com>
Reply To: <30CC02F5.4487@netscape.com>
UTC Datetime: 1995-12-11 21:31:37 UTC
Raw Date: Tue, 12 Dec 1995 05:31:37 +0800
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 12 Dec 1995 05:31:37 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: Timing Cryptanalysis Attack
In-Reply-To: <30CC02F5.4487@netscape.com>
Message-ID: <199512111815.NAA02202@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain
Tom Weinstein writes:
> > I for one will probably add a flag for conditional compilation of my
> > bignumber library so that it will take constant time. This may be a
> > %10 slow down (using small windows exponentiation) which is trivial
> > compared to the %30 speedup I will probably get when I implement a
> > faster mod function :-).
>
> Careful. Even if you can make the number of executed instructions the
> same, you still have to worry about timing differences due to branches
> and the way the hardware multiplier handles different operands.
The trivial way to handle this is simply to check user time with the
right system calls and make sure it always comes out the same with an
apropriate number of sleeps.
Perry
Return to December 1995
Return to “Tom Weinstein <tomw@netscape.com>”