1995-12-13 - Timing RSA and Certificates worth ??

Header Data

From: lyalc@mail.mpx.com.au (lyal collins)
To: cypherpunks@toad.com
Message Hash: 5d7af9bcd9731eb2d82941f5cf2161b80b6954070b0c63a3ab5b74d43e1b961f
Message ID: <m0tPfIw-0006O8C@kyoko.mpx.com.au>
Reply To: N/A
UTC Datetime: 1995-12-13 00:45:02 UTC
Raw Date: Tue, 12 Dec 95 16:45:02 PST

Raw message

From: lyalc@mail.mpx.com.au (lyal collins)
Date: Tue, 12 Dec 95 16:45:02 PST
To: cypherpunks@toad.com
Subject: Timing RSA and Certificates worth ??
Message-ID: <m0tPfIw-0006O8C@kyoko.mpx.com.au>
MIME-Version: 1.0
Content-Type: text/plain


My limited mind induces me to think that a certificate become subject to
timing attacks on the RSA private signing key.
This appears to meet the main critieria of fixed data (for instance, a
bank's certificate in/on ecash), processed widely by a small group of
machines (eg a subset of customers) on inherently untrusted machines (home
PC's) which may or may not have the right software/operating system parts.
Certificates in general, do not appear to lend themselves to "blinding".

In this case, certificate verification  processes seem flawed and highly
unreliable.
eg a merchant gets lots of data containing a bank(s) certificate, and
probably encrypted data. 
Is this the death knell for STT/SEPP and ecash/echeque systems ???

Some ramblings and thoughts.
lyal






Thread