From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 13 Dec 1995 23:03:10 +0800
To: remailer@armadillo.com (Armadillo Remailer)
Subject: Re: Timing Cryptanalysis Attack
In-Reply-To: <199512131315.HAA01726@monad.armadillo.com>
Message-ID: <199512131439.JAA10842@homeport.org>
MIME-Version: 1.0
Content-Type: text


Armadillo Remailer wrote:

| >My gut & scribble-on-the-back-of-a-napkin feeling about this class of
| >attack is that it could be a problem for smartcards (almost certainly)
| 
| Is it a problem to create smartcards that do their calculations in
| fixed time? I'd guess it should be easier than on multi-purpose
| hardware.

	Not if the fixed time is in weeks.

	If you read the Crypto proceedings, you'll find a number of
papers on using an (untrusted) CPU, such as that in a cash machine, to
aid a smartcard.  This is because the CPUs in smartcards are very
slow.

	Maximchuck, at Bell Labs, has a protocol for Anonymous Credit
Cards which uses pre-chosen private keys between correspondants and a
set of remailers to anonymize credit card transactions with respsect
to a merchant. (The bank still knows who's buying how much, and I
think where.)  Anyway, he freely admits that the reason for private
key work is their cards couldn't handle the public key operations.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume