1995-12-11 - Re: Timing Cryptanalysis Attack

Header Data

From: Eric Young <eay@mincom.oz.au>
To: Tom Weinstein <tomw@netscape.com>
Message Hash: eccb516a63b5dd4e04c0590a4e15c99a41c34913f5f75c07ec78efec983da5d9
Message ID: <Pine.SOL.3.91.951211204336.28608R-100000@orb>
Reply To: <30CC02F5.4487@netscape.com>
UTC Datetime: 1995-12-11 21:04:23 UTC
Raw Date: Tue, 12 Dec 1995 05:04:23 +0800

Raw message

From: Eric Young <eay@mincom.oz.au>
Date: Tue, 12 Dec 1995 05:04:23 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: Timing Cryptanalysis Attack
In-Reply-To: <30CC02F5.4487@netscape.com>
Message-ID: <Pine.SOL.3.91.951211204336.28608R-100000@orb>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 11 Dec 1995, Tom Weinstein wrote:
> Careful.  Even if you can make the number of executed instructions the
> same, you still have to worry about timing differences due to branches
> and the way the hardware multiplier handles different operands.

Granted.  For my particular library, there are no major 'if statements' I 
believe (I'll check) after you get out of the mod_exp function and into 
the mod and mul sub parts.  As for the multiplier, I just had a look at 
my old 386 book and yup, it does take an argument dependent time... I've 
been around pipelined RISC cpus too long...

eric 
--
Eric Young                  | Signature removed since it was generating
AARNet: eay@mincom.oz.au    | more followups than the message contents :-)






Thread