Re: ECC and timing attacks

Perry E. Metzger (perry@piermont.com)
Fri, 09 Oct 1998 11:53:44 -0400

• Next message: Blake Coverett: "Re: propose: `cypherpunks license' (Re: Wanted: Twofish source code)"
• Previous message: Mok-Kong Shen: "Re: Avalanche Depth of hash functions"
• In reply to: Keith Lockstone: "Avalanche Depth of hash functions"
• Next in thread: Lucky Green: "RE: ECC and timing attacks"

Remember, done right, protecting against timing attacks can leave your
CPU free to do other tasks. On a huge server, that's a win.

.pm

Eric Young writes:
> On Thu, 8 Oct 1998, Tim Dierks wrote:
> > We have reason to believe that ECC can be protected against timing attacks,
> > as can other algorithms. The interesting question is how expensive a
> > protected algorithm is: with at least some variants of ECC, it's likely
> > that protection is available at a lower computational cost (approaching
> > free) than it is with other algorithms, such as RSA.
>
> hmm... the blinding cost for RSA is not what I would call high, for a
> pentium II 333 linux,
>
> normal blinding % diff
> rsa 512 0.0033s 0.0036s %9
> rsa 1024 0.0187s 0.0193s %3
> rsa 2048 0.1180s 0.1213s %2
> rsa 4096 0.7785s 0.7885s %1
>
> eric
>

• Next message: Blake Coverett: "Re: propose: `cypherpunks license' (Re: Wanted: Twofish source code)"
• Previous message: Mok-Kong Shen: "Re: Avalanche Depth of hash functions"
• In reply to: Keith Lockstone: "Avalanche Depth of hash functions"
• Next in thread: Lucky Green: "RE: ECC and timing attacks"