Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:21
Antonomasia (ant@notatla.demon.co.uk)
Sat, 10 Oct 1998 13:19:10 +0100
Lucky Green wrote:
> > e(K-R) + Q
>
> It is not clear to me how this method would defend against timing attacks.
> As far as I can discern, all this method does is add random noise to the
> timing data. Random noise can be subtracted from the information, leaving
> only the information. Simply put, you would just need more samples to
> perform a timing attack.
Ben Laurie <ben@algroup.co.uk> writes:
> Surely from a timing attack you can only calculate K-R. Since you don't
> know R, you are then no nearer to knowing K.
You often are if you can make multiple observations.
This would be true if I asked your age and you added the score (R) from
a die. Only a few observations (knowing 0<R<7) would pin down the right
value. It would also be true (but slightly harder) for other distibutions
of added random noise.
I know very little about ECC, but wonder if the R and Q need to be
generated for every calculation of e(K-R) + Q.
-- ############################################################## # Antonomasia ant@notatla.demon.co.uk # # See http://www.notatla.demon.co.uk/ # ##############################################################
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:21