1995-12-14 - Re: Kocher's timing attack

Header Data

From: dreschs@austnsc.tandem.com (Sten Drescher)
To: “Jonathan M. Bresler” <jmb@FreeBSD.ORG>
Message Hash: a9c53df5971b6bf8a1e8766cb21177e42a24d2e14d0909fc368f4ac6af1d5df3
Message ID: <55loofy5qn.fsf@galil.austnsc.tandem.com>
Reply To: <Pine.BSF.3.91.951213191608.19857D-100000@Aspen.Woc.Atinc.COM>
UTC Datetime: 1995-12-14 17:35:21 UTC
Raw Date: Fri, 15 Dec 1995 01:35:21 +0800

Raw message

From: dreschs@austnsc.tandem.com (Sten Drescher)
Date: Fri, 15 Dec 1995 01:35:21 +0800
To: "Jonathan M. Bresler" <jmb@FreeBSD.ORG>
Subject: Re: kocher's timing attack
In-Reply-To: <Pine.BSF.3.91.951213191608.19857D-100000@Aspen.Woc.Atinc.COM>
Message-ID: <55loofy5qn.fsf@galil.austnsc.tandem.com>
MIME-Version: 1.0
Content-Type: text/plain


On Firewalls, "Jonathan M. Bresler" <jmb@FreeBSD.ORG> said:

JMB> regarding Kocher's timing attack paper:

JMB> RSA attack.  only known ciphertext is needed.  don't know how many
JMB> known ciphertexts are required (related to key size surely).  the
JMB> paper's example is digital signature, rephrase that to Alice signs
JMB> Bob's public key certifying that (you know the story).  After
JMB> several large key signing parties hundreds of known ciphertexts
JMB> could have been generated using Alice's key--each one a public key
JMB> of someone else.  over several years it piles up.  the known
JMB> ciphertexts can be tested/analyzed to yield Alice's secret key.
JMB> ouch.  ;/

	Are you sure about this?  It would seem that the same principle
would then apply to signed messages as well, and I find it a bit hard to
believe that signing messages would make one's key pair vulnerable.

-- 
#include <disclaimer.h>				/* Sten Drescher */
To get my PGP public key, send me email with your public key and
	Subject: PGP key exchange
Key fingerprint =  90 5F 1D FD A6 7C 84 5E  A9 D3 90 16 B2 44 C4 F3
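The attack JMB describes, as an added simulation that is not part of this thread, of Kocher's paper, or of any real implementation: a toy 12-bit RSA key, a square-and-multiply whose per-multiply time depends on the operands (a hypothetical leak model, stated in the code), an attacker who records the noisy total time for each known input Alice exponentiates with her private key, and Kocher's bit-by-bit variance test that recovers the private exponent from those timings. Every number here (modulus, exponents, cost model, sample count) is constructed for illustration.

```python
"""
Simulated Kocher-style timing attack on a toy RSA private-key operation.

Constructed example: toy modulus, square-and-multiply with a hypothetical
data-dependent cost model, and the variance-based bit-by-bit recovery from
Kocher's 1996 paper. Not the mailing-list author's code; not a real library.
"""
import random
from statistics import pvariance

# Textbook toy key (constructed, not secure): p = 61, q = 53
N = 3233
E = 17
D = 2753                    # private exponent; the attacker does not know this
KEY_BITS = D.bit_length()   # attacker assumes the bit length is known (12)


def mulmod(a, b, n):
    """Modular multiply with a simulated operand-dependent running time.

    Hypothetical leak model: the time varies with the quotient of the
    reduction, as a multi-precision reduction loop might. Returns
    (a*b mod n, simulated_time).
    """
    prod = a * b
    cost = 10 + (prod // n) % 31
    return prod % n, cost


def modexp_timed(base, exp, n, bits):
    """Left-to-right square-and-multiply; returns (result, total simulated time)."""
    acc, total = 1, 0
    for i in range(bits - 1, -1, -1):
        acc, c = mulmod(acc, acc, n)        # square every iteration
        total += c
        if (exp >> i) & 1:
            acc, c = mulmod(acc, base, n)   # multiply only when the bit is 1
            total += c
    return acc, total


def observe_signatures(num_samples, noise_sd=3.0, seed=1):
    """Attacker's view: known inputs and the noisy total time to sign each.

    The inputs play the role of the 'known ciphertexts' in the thread: values
    Alice raises to her private exponent. Messages are constructed at random.
    """
    rng = random.Random(seed)
    samples = []
    for _ in range(num_samples):
        m = rng.randrange(2, N - 1)
        _, t = modexp_timed(m, D, N, KEY_BITS)
        samples.append((m, t + rng.gauss(0.0, noise_sd)))
    return samples


def partial_time(m, exp_prefix, prefix_len, n):
    """Simulated time of the first prefix_len iterations for hypothesised bits."""
    acc, total = 1, 0
    for i in range(prefix_len - 1, -1, -1):
        acc, c = mulmod(acc, acc, n)
        total += c
        if (exp_prefix >> i) & 1:
            acc, c = mulmod(acc, m, n)
            total += c
    return total


def recover_exponent(samples, bits):
    """Kocher's variance test, most significant bit first.

    For each unknown bit, guess 0 and 1, subtract the simulated time of the
    guessed prefix from every observed time, and keep the guess that leaves
    the smaller variance: a correct guess removes a real, input-dependent
    component of the timing, while a wrong guess adds one.
    """
    prefix = 1                      # top bit of a full-length exponent is 1
    for k in range(2, bits + 1):    # k = number of bits in the candidate prefix
        variances = []
        for guess in (0, 1):
            cand = (prefix << 1) | guess
            residual = [t - partial_time(m, cand, k, N) for m, t in samples]
            variances.append(pvariance(residual))
        prefix = (prefix << 1) | (1 if variances[1] < variances[0] else 0)
    return prefix


if __name__ == "__main__":
    obs = observe_signatures(4000)
    d_recovered = recover_exponent(obs, KEY_BITS)
    print(f"recovered d = {d_recovered}, true d = {D}, match = {d_recovered == D}")
```

The point the simulation makes about Sten's question: nothing in the attack cares whether the input was a ciphertext or a message hash, only that the attacker knows the value and can time the private-key operation on it, so signatures leak exactly as decryptions do. The defence Kocher proposes, blinding the input with a random value before exponentiation, breaks the attacker's ability to compute `partial_time` for a known input; constant-time arithmetic removes the data-dependent cost in `mulmod` altogether.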
