1995-12-14 - Re: Timing Cryptanalysis Attack

Header Data

From: Andreas Bogk <andreas@artcom.de>
To: hoz@univel.telescan.com
Message Hash: faab87194c81f4de90b69f5779baf01384275c254620fd2de6a2b168f6d340c9
Message ID: <m0tQKk7-0002e8C@horten>
Reply To: <9512141637.AA11479@toad.com>
UTC Datetime: 1995-12-14 22:06:32 UTC
Raw Date: Fri, 15 Dec 1995 06:06:32 +0800

Raw message

From: Andreas Bogk <andreas@artcom.de>
Date: Fri, 15 Dec 1995 06:06:32 +0800
To: hoz@univel.telescan.com
Subject: Re: Timing Cryptanalysis Attack
In-Reply-To: <9512141637.AA11479@toad.com>
Message-ID: <m0tQKk7-0002e8C@horten>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "rick" == rick hoselton <hoz@univel.telescan.com> writes:

    rick> On another note, timing attacks would not seem to work
    rick> against most DES implementations, hardware or software.  The
    rick> time to execute each round does not seem to depend on the
    rick> plaintext or the key.  It could be made to, of course, but
    rick> unless I'm missing something, the "natural" way to code it,
    rick> or to construct hardware for it, is not time dependent.

Someone mentioned measuring power consumption instead of execution
time. I think the same statistics should apply in that case.

Of course this attack requires knowledge of the chip design, but that
should be possible to gain. It's certainly easier than reading
information from a protected EEPROM.

Andreas


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

-----END PGP SIGNATURE-----




