Re: ECC and timing attacks


James A. Donald (jamesd@echeque.com)
Thu, 08 Oct 1998 07:33:21 -0700


    --
At 12:08 AM 10/8/98 -0700, Lucky Green wrote:
> Is anybody here aware of timing attacks against ECC? Are
> there theoretical reasons why timing attacks will or will
> not work with ECC?

Assume the attacker sends encrypted messages to the server.
Each message gets an automatic response, and the attacker
measures the response time.

To decrypt the messages, the server needs to multiply an
elliptic point provided by the attacker by the server's
secret key.

The standard timing attack will then work as usual, since
each 1 bit in the secret key will take a characteristic time,
and the time depends on the elliptic point provided.

The server can defeat the attack by using the following
algorithm:

Assume the server's secret key is the integer e, and the
attacker's elliptic point is K.

From time to time the server calculates a random secret
elliptic point R, and calculates Q=eR

Then instead of calculating eK in order to decrypt the
message, the server calculates

e(K-R) + Q

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     QP+YQ6+++tWReVkcLFQeywGsnUSkFsxLUuKNYa7t
     4MG7RuEtVZeUBvWrdrMPn6kcr0ZwFWBxB00HChtkw
-----------------------------------------------------
We have the right to defend ourselves and our property, because
of the kind of animals that we are. True law derives from this
right, not from the arbitrary power of the omnipotent state.

http://www.jim.com/jamesd/      James A. Donald
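
The blinding step described in the message above, as an added example that is not part of the original post. It assumes a toy curve (y^2 = x^3 + 2x + 2 over GF(17), group order 19); the names BlindedServer, refresh and decrypt_point are hypothetical. It checks that e(K-R) + Q equals eK while the variable-time multiplication only ever receives K-R.

```python
# Toy curve y^2 = x^3 + 2x + 2 over GF(17); the group has prime order 19.
# Constructed parameters for illustration only, far too small for real use.
import secrets

P, A = 17, 2
G, N, INF = (5, 1), 19, None   # generator, group order, point at infinity

def add(p1, p2):
    """Affine point addition, handling identity, inverses and doubling."""
    if p1 is INF: return p2
    if p2 is INF: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def neg(pt):
    return INF if pt is INF else (pt[0], -pt[1] % P)

def mul(k, pt):
    """Plain double-and-add: work is done per 1 bit, so timing varies."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

# Hypothetical server wrapper; class and method names are assumptions.
class BlindedServer:
    def __init__(self, e):
        self.e = e
        self.refresh()

    def refresh(self):
        """'From time to time': pick a fresh secret R and cache Q = eR."""
        self.R = mul(secrets.randbelow(N - 1) + 1, G)
        self.Q = mul(self.e, self.R)

    def decrypt_point(self, K):
        """Return eK, computed as e(K - R) + Q so mul never sees K itself."""
        return add(mul(self.e, add(K, neg(self.R))), self.Q)
```

The multiplication here is still variable-time; the blinding changes only which point it runs on, from the sender's K to K-R, which depends on the secret R.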



The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:20