[45261] in Cypherpunks
Re: Timing Cryptanalysis Attack
daemon@ATHENA.MIT.EDU (Adam Shostack)
Tue Dec 12 14:18:26 1995
From: Adam Shostack <adam@homeport.org>
To: adam@lighthouse.homeport.org (Adam Shostack)
Date: Tue, 12 Dec 1995 12:59:57 -0500 (EST)
Cc: jim@acm.org, cypherpunks@toad.com
In-Reply-To: <199512121525.KAA09078@homeport.org> from "Adam Shostack" at Dec 12, 95 10:25:19 am
Nope, I'm wrong, as Fred and Simon point out. The noise makes
finding the times more difficult by some small factor, nothing more.
I'll stop writing these things in the morning. :)
I wrote:
| Does the delay have to be random, or does the total time for a
| transaction need to be unrelated to the bits in the secret key?
| Assume that the time added is pseudo-random (and confidential).
| Further, for any non-overlapping group of N transactions, the
| distribution of the times fits some predetermined curve, say a bell
| curve.
|
| We've added a non random number, but since those numbers end
| up being a curve, it would be difficult to determine which transaction
| got which time added to it. This resembles the 'make them all a
| constant time', but allows us to send out some in a shorter time than
| the maximum (although most transactions should probably take longer
| than the average.)
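
The correction at the top of this message, worked as a small simulation (an added example, not part of the original post): a secret bell-curve delay only raises the number of observations needed to see a key-dependent time difference, while padding every reply to a fixed deadline removes the difference. The timing figures, the Gaussian noise model and all function names are assumptions made for illustration.

```python
import math
import random
import statistics

# Constructed figures, not measurements: two classes of input whose
# computation time differs by a key-dependent 5 microseconds.
FAST_US, SLOW_US = 1000.0, 1005.0

def observed(base_us, n, sigma_us, rng, pad_to_us=None):
    """n observed transaction times for one input class.

    With pad_to_us set, every reply is held until that fixed deadline
    (the constant-time option). Otherwise a secret bell-curve delay
    (mean 5*sigma, clamped at zero) is added to the real time."""
    if pad_to_us is not None:
        return [max(base_us, pad_to_us)] * n
    return [base_us + max(0.0, rng.gauss(5 * sigma_us, sigma_us))
            for _ in range(n)]

def estimated_gap(n, sigma_us, seed=1995, pad_to_us=None):
    """Difference of mean observed times between the two classes."""
    rng = random.Random(seed)
    fast = observed(FAST_US, n, sigma_us, rng, pad_to_us)
    slow = observed(SLOW_US, n, sigma_us, rng, pad_to_us)
    return statistics.fmean(slow) - statistics.fmean(fast)

def samples_needed(delta_us, sigma_us, z=5.0):
    """Samples per class until the standard error of the mean difference,
    sigma*sqrt(2/n), shrinks to delta/z."""
    return max(1, math.ceil(2 * (z * sigma_us / delta_us) ** 2))

if __name__ == "__main__":
    for sigma in (50.0, 100.0):
        n = samples_needed(SLOW_US - FAST_US, sigma)
        print(f"sigma={sigma:5.0f}us  n={n:6d}  "
              f"gap={estimated_gap(n, sigma):.2f}us")
    print("padded gap:", estimated_gap(1000, 50.0, pad_to_us=2000.0))
```

Doubling the spread of the added delay quadruples the sample count and nothing more; only the padded case leaves no gap to average out.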