1995-12-14 - Re: Attacking Clipper with timing info?

Header Data

From: Matt Blaze <mab@crypto.com>
To: Jim_Miller@bilbo.suite.com
Message Hash: e063cbdfba1410da976bc2b0c72c11a9c05cbbcf34403c73c04dc19a9422d04e
Message ID: <199512140531.AAA23535@crypto.com>
Reply To: <9512140222.AA23036@bilbo.suite.com>
UTC Datetime: 1995-12-14 06:23:12 UTC
Raw Date: Thu, 14 Dec 1995 14:23:12 +0800

Raw message

From: Matt Blaze <mab@crypto.com>
Date: Thu, 14 Dec 1995 14:23:12 +0800
To: Jim_Miller@bilbo.suite.com
Subject: Re: Attacking Clipper with timing info?
In-Reply-To: <9512140222.AA23036@bilbo.suite.com>
Message-ID: <199512140531.AAA23535@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> That was indeed what I was wondering.  I expect we wont have to wait too  
> long before we hear whether Clipper chips require the same or a different  
> amount of time to encrypt/decrypt.  Should be interesting.
>
Clipper chips require fixed time to do a codebook cipher operation (exactly
64 clock ticks).  It's in the chip spec.

Capstone chips, on the other hand (as embodied in Tessera/Fortezza) have
public-key operations (DSA and a classified key exchange algorithm called
KEA that appears based on its interface to be El Gamal-like).  The cards
aren't supposed to reveal the secrets stored on them, ever.  There does
appear to be some variability in those functions, however.  I've not yet
reached any firm conclusions, however.

-matt






Thread