From: hoz@univel.telescan.com (rick hoselton)
To: cypherpunks@toad.com
Message Hash: d73bca18ce8bfc14ef630da3ee89f3d1378635b1848d8fd6884723f89afa1a94
Message ID: <9512141637.AA11479@toad.com>
Reply To: N/A
UTC Datetime: 1995-12-14 17:32:22 UTC
Raw Date: Fri, 15 Dec 1995 01:32:22 +0800
Subject: Re: Timing Cryptanalysis Attack

At 03:42 PM 12/14/95 +0100, Lars Johansson wrote:
>>Does the attack work for existing smartcards?

>At first glance, smart cards would seem to be the most critical target
>to Kocher's timing attack since they usually operate in on-line
>environments.

Not just on-line, they also operate in untrusted (hostile?)
environments.

>...the terminal could get a (noisy) measure of the time by
> repeatedly using this command to see when the result is available.

Might a terminal also be able to monitor power consumption or
electromagnetic emissions to obtain a more precise time estimate?

>Most smart cards do nevertheless require that the user must first
>specify a PIN code before the RSA algorithms are operational.

If I used my RSA card every day (at a toll booth, for instance), and
the "bad guys" pilfered an "exact" timing upon each use, how long before
they could forge a signature?

>This implies that even if the card gets stolen, it can't be attacked
>with Kocher's method.

That is useful, but if I know my card is stolen, I can presumably limit
my liability by reporting it. If I still have my card, but my secret
key is stolen, then damage might be greater.

On another note, timing attacks would not seem to work against
most DES implementations, hardware or software. The time to execute
each round does not seem to depend on the plaintext or the key. It could
be made to, of course, but unless I'm missing something, the "natural" way to
code it, or to construct hardware for it, is not time dependent.

Rick F. Hoselton (who doesn't claim to present opinions for others)
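
Added example, not part of the original message: the "natural" way to code RSA exponentiation does a key-dependent amount of work, unlike the fixed DES round schedule the message describes, and a Montgomery ladder (a technique chosen here, not named in the thread) removes that dependence. The toy modulus and exponents are constructed, and the count of modular multiplications stands in for execution time.

```c
#include <stdint.h>
#include <stdio.h>

static unsigned mul_count;   /* modular multiplications in the last call */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t n) {
    mul_count++;
    return (a * b) % n;      /* a, b < n < 2^32, so a*b fits in 64 bits */
}

/* Textbook square-and-multiply: the extra multiply happens only for 1 bits
   of the exponent, so the amount of work depends on the secret exponent. */
uint64_t modexp_naive(uint64_t base, uint32_t exp, uint64_t n, int bits) {
    uint64_t r = 1;
    base %= n;
    mul_count = 0;
    for (int i = bits - 1; i >= 0; i--) {
        r = mulmod(r, r, n);
        if ((exp >> i) & 1)
            r = mulmod(r, base, n);
    }
    return r;
}

/* Montgomery ladder: exactly two multiplications per bit, with branch-free
   selection, so the operation count is the same for every exponent. */
uint64_t modexp_ladder(uint64_t base, uint32_t exp, uint64_t n, int bits) {
    uint64_t r0 = 1, r1 = base % n;
    mul_count = 0;
    for (int i = bits - 1; i >= 0; i--) {
        uint64_t mask = -(uint64_t)((exp >> i) & 1);   /* all ones if bit set */
        uint64_t sel  = (r1 & mask) | (r0 & ~mask);
        uint64_t prod = mulmod(r0, r1, n);
        uint64_t sq   = mulmod(sel, sel, n);
        r0 = (prod & mask) | (sq & ~mask);
        r1 = (sq & mask) | (prod & ~mask);
    }
    return r0;
}

int main(void) {
    /* Constructed toy values: n = 61 * 53, three 12-bit exponents. */
    uint32_t exps[] = { 0x800, 2753, 0xFFF };
    for (int i = 0; i < 3; i++) {
        modexp_naive(65, exps[i], 3233, 12);
        unsigned naive = mul_count;
        modexp_ladder(65, exps[i], 3233, 12);
        printf("exp=%4u naive=%u ladder=%u\n", (unsigned)exps[i], naive, mul_count);
    }
}
```

A fixed operation count is necessary but not sufficient: the modular multiplication itself must also take the same time for all operands, which this sketch does not attempt to show.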