From: ljo@ausys.se (Johansson Lars)
Date: Sat, 16 Dec 1995 00:28:39 +0800
To: hfinney@shell.portal.com
Subject: Re:  Blinding against Kocher's timing at
Message-ID: <95Dec15.155851gmt+0100.53765@void.ausys.se>
MIME-Version: 1.0
Content-Type: text/plain




Hal <hfinney@shell.portal.com> wrote:

>From: ljo@ausys.se (Johansson Lars)
>> Does anyone know whether David Chaum's patent on
>> blind digital signatures extends to this application?

[Parts omitted]

>It's conceivable that Kocher's blinding would be a patentable technique
>in itself, and not impossible that he has already applied for a patent
>before publishing.  Probably he would have said so if that were his
>intention, though.

I just found this at RSA:s <http://www.rsa.com/rsaqa.htm> home page:

>Q: Has RSA been "broken"?
>
>   A: No. The attack that Paul Kocher describes is academically 
interesting, but it is >easy to defend systems against his attack using a 
technique called
>   "blinding", developed by Dr. Ron Rivest of RSA.
                          ^^^^^^^^^^^^^^^^^^^^^^^^^
When did Dr. Rivest develop this "blinding" technique?
Was it pre or post Chaum?
Perhaps Rivest himself have applied for this patent.

More info from RSA:s home page:

> Another way is to use a technique called "blinding", in which a random 
number
> is introduced into the decryption process, making it impossible to get any 
useful >data out of timing these transactions.
>
>so instead of doing the usual RSA decryption:
>
>  m = c^d mod n
>
>we perform:
>
> m = r^-1*(c*r^e)^d mod n
>
>where r is a random number, and  is its inverse.

/Lars