1995-12-11 - Re: Timing Cryptanalysis Attack
Header Data
From: “Perry E. Metzger” <perry@piermont.com>
To: Tom Weinstein <tomw@netscape.com>
Message Hash: 4a92c5cba4ff0be9a90b92c53787fc11c23ccf35e01eb324ca1ebc054da8bc85
Message ID: <199512111815.NAA02202@jekyll.piermont.com>
Reply To: <30CC02F5.4487@netscape.com>
UTC Datetime: 1995-12-11 21:31:37 UTC
Raw Date: Tue, 12 Dec 1995 05:31:37 +0800
Raw message
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 12 Dec 1995 05:31:37 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: Timing Cryptanalysis Attack
In-Reply-To: <30CC02F5.4487@netscape.com>
Message-ID: <199512111815.NAA02202@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain
Tom Weinstein writes:
> > I for one will probably add a flag for conditional compilation of my
> > bignumber library so that it will take constant time. This may be a
> > %10 slow down (using small windows exponentiation) which is trivial
> > compared to the %30 speedup I will probably get when I implement a
> > faster mod function :-).
>
> Careful. Even if you can make the number of executed instructions the
> same, you still have to worry about timing differences due to branches
> and the way the hardware multiplier handles different operands.
The trivial way to handle this is simply to check user time with the
right system calls and make sure it always comes out the same with an
apropriate number of sleeps.
Perry
Thread
Return to December 1995
- Return to “Adam Shostack <adam@lighthouse.homeport.org>”
- Return to “anon-remailer@utopia.hacktic.nl (Anonymous)”
- Return to “Black Unicorn <unicorn@schloss.li>”
- Return to “Eric Young <eay@mincom.oz.au>”
- Return to “fc@all.net (Dr. Frederick B. Cohen)”
- Return to “Jeff Weinstein <jsw@netscape.com>”
- Return to “Jim Gillogly <jim@acm.org>”
- Return to ““Josh M. Osborne” <stripes@va.pubnix.com>”
- Return to “Matt Blaze <mab@crypto.com>”
- Return to “Nathaniel Borenstein <nsb@nsb.fv.com>”
- Return to ““Perry E. Metzger” <perry@piermont.com>”
- Return to “Peter Monta <pmonta@qualcomm.com>”
- Return to “Simon Spero <ses@tipper.oit.unc.edu>”
Return to “Tom Weinstein <tomw@netscape.com>”
- 1995-12-11 (Mon, 11 Dec 1995 17:12:49 +0800) - Timing Cryptanalysis Attack - anon-remailer@utopia.hacktic.nl (Anonymous)
- 1995-12-11 (Mon, 11 Dec 1995 17:55:55 +0800) - Re: Timing Cryptanalysis Attack - Eric Young <eay@mincom.oz.au>
- 1995-12-11 (Tue, 12 Dec 1995 06:50:02 +0800) - Re: Timing Cryptanalysis Attack - “Perry E. Metzger” <perry@piermont.com>
- 1995-12-11 (Mon, 11 Dec 1995 18:27:46 +0800) - Re: Timing Cryptanalysis Attack - Tom Weinstein <tomw@netscape.com>
- 1995-12-11 (Tue, 12 Dec 1995 05:04:23 +0800) - Re: Timing Cryptanalysis Attack - Eric Young <eay@mincom.oz.au>
- 1995-12-11 (Tue, 12 Dec 1995 05:31:37 +0800) - Re: Timing Cryptanalysis Attack - “Perry E. Metzger” <perry@piermont.com>
- 1995-12-11 (Tue, 12 Dec 1995 07:02:56 +0800) - Re: Timing Cryptanalysis Attack - Matt Blaze <mab@crypto.com>
- 1995-12-12 (Tue, 12 Dec 1995 13:05:05 +0800) - Re: Timing Cryptanalysis Attack - Peter Monta <pmonta@qualcomm.com>
- 1995-12-13 (Wed, 13 Dec 1995 22:33:48 +0800) - Re: Timing Cryptanalysis Attack - “Josh M. Osborne” <stripes@va.pubnix.com>
- 1995-12-12 (Wed, 13 Dec 1995 05:53:55 +0800) - Re: Timing Cryptanalysis Attack - “Perry E. Metzger” <perry@piermont.com>
- 1995-12-12 (Tue, 12 Dec 1995 13:05:05 +0800) - Re: Timing Cryptanalysis Attack - Peter Monta <pmonta@qualcomm.com>
- 1995-12-12 (Tue, 12 Dec 1995 14:01:08 +0800) - Re: Timing Cryptanalysis Attack - Tom Weinstein <tomw@netscape.com>
- 1995-12-12 (Tue, 12 Dec 1995 14:55:20 +0800) - Re: Timing Cryptanalysis Attack - “Perry E. Metzger” <perry@piermont.com>
- 1995-12-12 (Tue, 12 Dec 1995 11:25:32 +0800) - Re: Timing Cryptanalysis Attack - Tom Weinstein <tomw@netscape.com>
- 1995-12-12 (Tue, 12 Dec 1995 14:55:20 +0800) - Re: Timing Cryptanalysis Attack - “Perry E. Metzger” <perry@piermont.com>
- 1995-12-11 (Tue, 12 Dec 1995 07:02:56 +0800) - Re: Timing Cryptanalysis Attack - Matt Blaze <mab@crypto.com>
- 1995-12-12 (Tue, 12 Dec 1995 14:37:57 +0800) - Re: Timing Cryptanalysis Attack - Peter Monta <pmonta@qualcomm.com>
- 1995-12-11 (Tue, 12 Dec 1995 05:10:34 +0800) - Re: Timing Cryptanalysis Attack - Nathaniel Borenstein <nsb@nsb.fv.com>
- 1995-12-12 (Wed, 13 Dec 1995 05:54:04 +0800) - Re: Timing Cryptanalysis Attack - Jim Gillogly <jim@acm.org>
- 1995-12-12 (Wed, 13 Dec 1995 01:21:21 +0800) - Re: Timing Cryptanalysis Attack - Adam Shostack <adam@lighthouse.homeport.org>
- 1995-12-12 (Wed, 13 Dec 1995 02:06:25 +0800) - Re: Timing Cryptanalysis Attack - fc@all.net (Dr. Frederick B. Cohen)
- 1995-12-12 (Wed, 13 Dec 1995 04:31:34 +0800) - Re: Timing Cryptanalysis Attack - Adam Shostack <adam@lighthouse.homeport.org>
- 1995-12-13 (Wed, 13 Dec 1995 17:31:54 +0800) - Re: Timing Cryptanalysis Attack - Tom Weinstein <tomw@netscape.com>
- 1995-12-12 (Wed, 13 Dec 1995 01:21:21 +0800) - Re: Timing Cryptanalysis Attack - Adam Shostack <adam@lighthouse.homeport.org>
- 1995-12-12 (Wed, 13 Dec 1995 05:54:04 +0800) - Re: Timing Cryptanalysis Attack - Jim Gillogly <jim@acm.org>
- 1995-12-11 (Tue, 12 Dec 1995 05:53:30 +0800) - Re: Timing Cryptanalysis Attack - Jeff Weinstein <jsw@netscape.com>
- 1995-12-12 (Tue, 12 Dec 1995 14:39:12 +0800) - Re: Timing Cryptanalysis Attack - Adam Shostack <adam@lighthouse.homeport.org>
- 1995-12-12 (Tue, 12 Dec 1995 11:39:15 +0800) - Re: Timing Cryptanalysis Attack - Jeff Weinstein <jsw@netscape.com>
- 1995-12-12 (Tue, 12 Dec 95 01:45:37 PST) - Re: Timing Cryptanalysis Attack - Black Unicorn <unicorn@schloss.li>
- 1995-12-12 (Wed, 13 Dec 1995 00:56:02 +0800) - Re: Timing Cryptanalysis Attack - Simon Spero <ses@tipper.oit.unc.edu>
- 1995-12-12 (Tue, 12 Dec 1995 14:39:12 +0800) - Re: Timing Cryptanalysis Attack - Adam Shostack <adam@lighthouse.homeport.org>
- 1995-12-11 (Tue, 12 Dec 1995 06:50:11 +0800) - Re: Timing Cryptanalysis Attack - “Perry E. Metzger” <perry@piermont.com>
- 1995-12-11 (Mon, 11 Dec 1995 17:55:55 +0800) - Re: Timing Cryptanalysis Attack - Eric Young <eay@mincom.oz.au>