Re: timing attacks.


burt rosenberg (burt@passaic.cs.miami.edu)
Thu, 25 Jun 1998 11:52:38 -0400 (EDT)


Umm, there's a disconnect here:

> From Alex Alten
> Paul Kocher and team have found a way to break
> smart cards cheaply.
> ...
>
> From Mike Rosing
> So fix the multiply function to always take the same time
> no matter what its inputs are. Fix the exponential function
> to do a "dummy multiply" which could be a whole bunch of
> nops.

What I'm suggesting is a way to defeat all timing attacks,
whether it be timing, power analysis, electromagnetic radiation ...
whatever ... by leaking provably NO information per calculation,
by randomizing over the set of possible algorithms, rather than
ad hoc patches to disguise particular features of a single algorithm.

As an example, a smart card using the suggested randomized approach
to exponentiation for immunity to timing attacks is ALREADY
also immune to DPA.

No one else working on these?

-burt
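
[Added example, not part of the original message or written by anyone in the thread.] The sketch below counts modular multiplications as a stand-in for timing: plain square-and-multiply leaks the exponent's Hamming weight, and the quoted "dummy multiply" fix makes the count fixed per bit length. The third function, additive exponent splitting, is one known randomization and is an assumption here, not necessarily the scheme the message refers to; all names and sample values are constructed.

```python
import secrets

def modexp_naive(base, exp, mod):
    """Left-to-right square-and-multiply; returns (result, multiply_count)."""
    result, mults = 1, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod        # one squaring per exponent bit
        mults += 1
        if bit == "1":                        # extra multiply only on 1 bits: the leak
            result = result * base % mod
            mults += 1
    return result, mults

def modexp_always(base, exp, mod):
    """Square-and-multiply-always: a dummy multiply is performed on 0 bits."""
    result, mults = 1, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod
        product = result * base % mod         # computed whether or not it is used
        mults += 2
        b = int(bit)
        result = b * product + (1 - b) * result   # arithmetic select, no branch
    return result, mults

def modexp_split(base, exp, mod):
    """Randomized variant (assumption): exp = r + (exp - r), fresh r per call."""
    r = secrets.randbelow(exp + 1)
    left, m1 = modexp_always(base, r, mod)
    right, m2 = modexp_always(base, exp - r, mod)
    return left * right % mod, m1 + m2 + 1

# Constructed sample: two 64-bit exponents with Hamming weight 2 and 64.
MOD = 2**127 - 1
E_LOW, E_HIGH = 2**63 + 1, 2**64 - 1

def multiply_counts(fn):
    """Multiply counts for the low-weight and high-weight exponent."""
    return fn(3, E_LOW, MOD)[1], fn(3, E_HIGH, MOD)[1]

if __name__ == "__main__":
    print("naive :", multiply_counts(modexp_naive))    # counts differ with weight
    print("always:", multiply_counts(modexp_always))   # counts are equal
    print("split :", multiply_counts(modexp_split))    # counts vary per call
```

Python's big-integer arithmetic is not itself constant-time, so this models the operation sequence only; on a card the multiply and the select must also be data-independent.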



The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:19:04 ADT