[17558] in cryptography@c2.net mail archive
Re: Optimisation Considered Harmful
daemon@ATHENA.MIT.EDU (Victor Duchovni)
Fri Jun 24 11:38:02 2005
X-Original-To: cryptography@metzdowd.com
Date: Fri, 24 Jun 2005 01:25:37 -0400
From: Victor Duchovni <Victor.Duchovni@MorganStanley.com>
To: Jerrold Leichter <jerrold.leichter@smarts.com>
Cc: Ben Laurie <ben@algroup.co.uk>,
Cryptography <cryptography@metzdowd.com>
Mail-Followup-To: Jerrold Leichter <jerrold.leichter@smarts.com>,
Ben Laurie <ben@algroup.co.uk>,
Cryptography <cryptography@metzdowd.com>
In-Reply-To: <Pine.SOL.4.61.0506230655440.11749@frame>
On Thu, Jun 23, 2005 at 07:36:38AM -0400, Jerrold Leichter wrote:
> - Develop algorithms that offer reasonable performance even if
> implemented in "unoptimized" ways. This will be difficult to
> maintain in the face of ever-increasing hardware optimizations
> that you can't just turn off by "not using -O".
>
> - Live with less performance and hope that raw hardware speeds will
> catch up.
>
> - Use specialized hardware, designed not to leak side-channel
> information.
>
> - ?
- Find reasonably efficient masking strategies, that assume
that side-channel attacks are here to stay, and randomly choose
one of many isomorphic ways to perform the computation. The
masking would have to eliminate key/data correlation from all
"observables" other than the final output.
--
/"\  ASCII RIBBON                   NOTICE: If received in error,
\ /  CAMPAIGN      Victor Duchovni  please destroy and notify
 X   AGAINST       IT Security,     sender. Sender does not waive
/ \  HTML MAIL     Morgan Stanley   confidentiality or privilege,
                                    and use is prohibited.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
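The masking approach Victor sketches above, illustrated with an added example that is not part of the thread and not code from any of the participants. Victor does not name a concrete scheme; the example assumes first-order Boolean masking in the ISW style (each secret bit is split into two random shares, and every gadget is evaluated only on shares plus fresh randomness), which is one way to "randomly choose one of many isomorphic ways to perform the computation". The function names (`and_isw`, `and_naive`, `first_order_leaks`) and the one-bit toy setting are illustrative assumptions. The point the code makes is the one in Victor's last sentence: it is not enough for the final output to be correct; every intermediate value a probe could observe must have a distribution independent of the unmasked inputs. A gadget that reuses cross terms without refreshing randomness computes the right answer but has an observable whose distribution depends on the secret.

```python
"""Boolean masking of a single AND gate, with a probing-style leakage check.

Added example (ISW-style first-order masking); not the mailing-list author's
code. All names and the one-bit setting are assumptions for illustration.
"""
import itertools
import secrets


def and_isw(a0, a1, b0, b1, r, trace):
    """Masked AND of a = a0^a1 and b = b0^b1 using one fresh random bit r.

    Returns shares (c0, c1) with c0 ^ c1 == a & b. Every intermediate is
    stored in `trace` as if a side-channel probe could observe it.
    """
    t = {}
    t["a0b0"] = a0 & b0
    t["a0b1"] = a0 & b1
    t["a1b0"] = a1 & b0
    t["a1b1"] = a1 & b1
    t["c0"] = t["a0b0"] ^ r
    t["u"] = r ^ t["a0b1"]        # refresh BEFORE adding the cross term
    t["v"] = t["u"] ^ t["a1b0"]   # bracketing order matters: (r ^ a0b1) ^ a1b0
    t["c1"] = t["a1b1"] ^ t["v"]
    trace.update(t)
    return t["c0"], t["c1"]


def and_naive(a0, a1, b0, b1, r, trace):
    """Functionally correct but leaky: the cross terms are combined without
    any refreshing randomness, so `cross` == a0*b ^ a*b0 depends on (a, b)."""
    t = {}
    t["a0b0"] = a0 & b0
    t["a0b1"] = a0 & b1
    t["a1b0"] = a1 & b0
    t["a1b1"] = a1 & b1
    t["cross"] = t["a0b1"] ^ t["a1b0"]
    t["c0"] = t["a0b0"] ^ t["cross"]
    t["c1"] = t["a1b1"]
    trace.update(t)
    return t["c0"], t["c1"]


def check_correct(gadget):
    """Unmasked result must equal a & b for every secret and every mask choice."""
    for a, b, a0, b0, r in itertools.product((0, 1), repeat=5):
        c0, c1 = gadget(a0, a ^ a0, b0, b ^ b0, r, {})
        if c0 ^ c1 != a & b:
            return False
    return True


def first_order_leaks(gadget):
    """Exhaustively enumerate secrets (a, b) and all mask bits (a0, b0, r).

    For each observable, count how often it is 1 under each secret. An
    observable leaks at first order if that count differs between secrets,
    i.e. its distribution is correlated with the unmasked data.
    """
    ones = {}  # observable name -> {(a, b): number of mask choices giving 1}
    for a, b in itertools.product((0, 1), repeat=2):
        for a0, b0, r in itertools.product((0, 1), repeat=3):
            trace = {"a0": a0, "a1": a ^ a0, "b0": b0, "b1": b ^ b0, "r": r}
            gadget(a0, a ^ a0, b0, b ^ b0, r, trace)
            for name, val in trace.items():
                per_secret = ones.setdefault(name, {})
                per_secret[(a, b)] = per_secret.get((a, b), 0) + val
    return sorted(name for name, d in ones.items() if len(set(d.values())) > 1)


def masked_and(a, b, gadget=and_isw):
    """Run the gadget on a random sharing of (a, b) and recombine the output.

    Each call picks a fresh random representation of the same computation;
    only the recombined bit is meant to be correlated with the inputs.
    """
    a0, b0, r = secrets.randbits(1), secrets.randbits(1), secrets.randbits(1)
    c0, c1 = gadget(a0, a ^ a0, b0, b ^ b0, r, {})
    return c0 ^ c1


if __name__ == "__main__":
    for g in (and_isw, and_naive):
        print(g.__name__, "correct:", check_correct(g),
              "first-order leaking observables:", first_order_leaks(g))
```

Running it reports that both gadgets compute the right AND, but only `and_isw` has an empty list of leaking observables; `and_naive` leaks through `cross` and `c0`. Real implementations need the same analysis for every gadget (and, at higher orders, for sets of probes), and also have to worry about the hardware recombining shares for you (glitches, register transitions), which is the "can't just turn off by not using -O" problem from the quoted message.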