[45174] in Cypherpunks
Re: Timing Cryptanalysis Attack
daemon@ATHENA.MIT.EDU (Eric Young)
Mon Dec 11 13:20:07 1995
Date: Mon, 11 Dec 1995 21:24:41 +1000 (EST)
From: Eric Young <eay@mincom.oz.au>
To: Tom Weinstein <tomw@netscape.com>
Cc: cypherpunks@toad.com
In-Reply-To: <30CC02F5.4487@netscape.com>
On Mon, 11 Dec 1995, Tom Weinstein wrote:
> Careful. Even if you can make the number of executed instructions the
> same, you still have to worry about timing differences due to branches
> and the way the hardware multiplier handles different operands.
Granted. For my particular library, there are no major 'if statements' I
believe (I'll check) after you get out of the mod_exp function and into
the mod and mul sub parts. As for the multiplier, I just had a look at
my old 386 book and yup, it does take an argument-dependent time... I've
been around pipelined RISC CPUs too long...
eric
--
Eric Young | Signature removed since it was generating
AARNet: eay@mincom.oz.au | more followups than the message contents :-)
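Added example, not code from Eric Young's library or from anyone in this thread, illustrating the branch point: square-and-multiply does one extra modular multiplication per set bit of the exponent, so its operation count tracks the key's Hamming weight, while a Montgomery ladder with a mask-based conditional swap does identical work for every bit. Base, modulus and exponents are constructed sample values; the example deliberately leaves the second point, operand-dependent multiplier latency, untouched.

```python
# Added example, not Eric Young's library code. Counts modular multiplications
# so the key dependence of square-and-multiply is visible next to a ladder
# that does the same work per bit. Equal operation counts do not by
# themselves give equal time on a multiplier whose latency depends on the
# operands (the 386 case mentioned in the thread).


def modexp_branching(base, exp, mod):
    """Square-and-multiply. Returns (base**exp % mod, multiplications done)."""
    result, ops = 1, 0
    for i in range(exp.bit_length() - 1, -1, -1):
        result = (result * result) % mod
        ops += 1
        if (exp >> i) & 1:                  # branch on a secret bit
            result = (result * base) % mod
            ops += 1
    return result, ops


def _cswap(bit, a, b):
    """Swap a and b when bit == 1 via masking, not a branch (non-negative ints)."""
    mask = -bit                             # 0 -> 0, 1 -> ...111 (all ones)
    t = (a ^ b) & mask
    return a ^ t, b ^ t


def modexp_ladder(base, exp, mod):
    """Montgomery ladder: exactly two multiplications for every exponent bit."""
    r0, r1, ops = 1, base % mod, 0
    for i in range(exp.bit_length() - 1, -1, -1):
        bit = (exp >> i) & 1
        r0, r1 = _cswap(bit, r0, r1)        # bit selects data, never a path
        r1 = (r0 * r1) % mod
        r0 = (r0 * r0) % mod
        r0, r1 = _cswap(bit, r0, r1)
        ops += 2
    return r0, ops


def op_counts(exps, base=4, mod=497):
    """(square-and-multiply ops, ladder ops) per exponent; sample values are constructed."""
    return {e: (modexp_branching(base, e, mod)[1], modexp_ladder(base, e, mod)[1])
            for e in exps}


if __name__ == "__main__":
    # Three 4-bit exponents with Hamming weights 1, 3 and 4.
    for e, (b, l) in op_counts([8, 13, 15]).items():
        print(f"exp={e:2d} ({e:04b}): square-and-multiply={b} ladder={l}")
```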