1995-12-13 - Re: Timing Cryptanalysis Attack

Header Data

From: Mark Twain Ecash Support <support@marktwain.com>
To: Adam Shostack <adam@lighthouse.homeport.org>
Message Hash: 6bc87257ed49d45b6f42a74f2c04e01adf6724f9c9e288630b509ecc80d61816
Message ID: <199512131624.KAA20591@admin.starnet.net>
Reply To: N/A
UTC Datetime: 1995-12-13 19:13:34 UTC
Raw Date: Thu, 14 Dec 1995 03:13:34 +0800

Raw message

From: Mark Twain Ecash Support <support@marktwain.com>
Date: Thu, 14 Dec 1995 03:13:34 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: Timing Cryptanalysis Attack
Message-ID: <199512131624.KAA20591@admin.starnet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:39 AM 12/13/95 -0500, you wrote:
>Armadillo Remailer wrote:
>
>| >My gut & scribble-on-the-back-of-a-napkin feeling about this class of
>| >attack is that it could be a problem for smartcards (almost certainly)
>| 
>| Is it a problem to create smartcards that do their calculations in
>| fixed time? I'd guess it should be easier than on multi-purpose
>| hardware.
>
>	Not if the fixed time is in weeks.
>
>	If you read the Crypto proceedings, you'll find a number of
>papers on using an (untrusted) CPU, such as that in a cash machine, to
>aid a smartcard.  This is because the CPUs in smartcards are very
>slow.

DigiCash has been aware of the timing problem for years. Especially as it
relates to smartcards, for which you can get timings down to the clock
cycle. Cosequently, both DigiCash's smartcards and DigiCash's Ecash use
fixed timings.

--Lucky at work

--Mark Twain Bank Ecash Support
  Ecash. The secure Internet payment system that protects your privacy.
  <http://www.marktwain.com/ecash.html>






Thread