From: John Young <jya@pipeline.com>
Date: Sun, 16 Feb 1997 14:43:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: DFA
Message-ID: <199702162243.OAA05104@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Paul Bell wrote:
>does anyone know what has happened to DFA, and the people who
>just a few months ago were publishing such encouraging results?

There seems be sustained investigation of DFA, offensive and defensive,
by Biham and Shamir, by Anderson and Kuhn, by the Bellcore team, by 
Quisquater and others.

However, the smartcard manufacturers appear to have a role in dampening 
publicity about the ongoing research, or at least diminishing the claims of 
effectiveness of DFA. Carol Francher, of Motorola, for example, writes
in February IEEE Spectrum:

   Technology is a wonderful thing but criminals, too, can use it as new 
   equipment and techniques become available or less expensive the 
   barriers to cracking a system may weaken. Recently Bellcore 
   announced a paper, "Cryptanalysis in the presence of hardware faults" 
   (available at www.bellcore.com), that proposed a theoretical method for
   breaking an asymmetric encryption code once a computer (or a 
   smartcard microcontroller) had been forced into faulty behavior.

   The Smart Card Forum, a multi-industry membership organization 
   headquartered in Tampa, Fla., has stated that it does not regard this 
   approach as a real-world risk, since in smartcard applications more 
   than one technique is used to protect the security of the entire system. 
   But the Bellcore methodology for breaking algorithms -- as well as 
   similar theoretical approaches, such as the one taken by two Israeli 
   researchers, Eli Biham and Adi Shamir -- highlights the need to 
   analyze and evolve the security of any system continually.

   -- "In your pocket: smartcards."  <http://jya.com/tee08.htm>

Several of the DFA-type researchers have commented on the smartcard 
industry's reluctance to publicize security weaknesses when the push is 
on to increase consumer trust and use; see, for example, Anderson and
Kuhn at:

  http://www.cl.cam.ac.uk/users/rja14/tamper.html

Quisquater and the SG group also note the reluctance of smartcard
mass-marketers to own up to security shortcomings of which their own
engineers know and fret.

Meanwhile, the DFA proponents and opponents are eagerly absorbing the 
continuing DFA-relatged reports, quietly watching one another, and both 
sides eying the booming smartcard market for lucrative rewards, as Ms. 
Francher suggests: licit and il.