[45187] in Cypherpunks
Re: Timing Cryptanalysis Attack
daemon@ATHENA.MIT.EDU (Jim Gillogly)
Mon Dec 11 17:04:05 1995
To: cypherpunks@toad.com
In-Reply-To: Your message of Mon, 11 Dec 95 06:55:27 -0500.
<0kn1kjCMc50e02ivZP@nsb.fv.com>
From: Jim Gillogly <jim@acm.org>
Reply-To: jim@acm.org
Date: Mon, 11 Dec 95 11:20:46 PST
> Nathaniel Borenstein <nsb@nsb.fv.com> writes:
> Hey, don't go for constant time, that's too hard to get perfect. Add a
> *random* delay. This particular crypto-flaw is pretty easy to fix.
> (See, I'm not *always* arguing the downside of cryptography!)
Random delay may be harder to get perfect than constant time. Note that
the actual time for the transaction is the minimum of all the transaction
times you measure, since you can't add a negative delay to them. It's
presumably even easier if the random distribution is known. Adding a
random delay means more transactions are required to find each new bit,
but information is still leaking.
> It is worth noting, however, the extent to which "secure" cryptographic
> protocols keep needing to get fixed one last time.... -- Nathaniel
Amen...
Jim Gillogly
Trewesday, 21 Foreyule S.R. 1995, 19:16
