[45282] in Cypherpunks
Timing RSA and Certificates worth ??
daemon@ATHENA.MIT.EDU (lyal collins)
Tue Dec 12 20:13:27 1995
Date: Wed, 13 Dec 95 11:44:18 +1100 (EST)
To: cypherpunks@toad.com
From: lyalc@mail.mpx.com.au (lyal collins)
My limited mind induces me to think that a certificate becomes subject to
timing attacks on the RSA private signing key.
This appears to meet the main criteria of fixed data (for instance, a
bank's certificate in/on ecash), processed widely by a small group of
machines (e.g. a subset of customers) on inherently untrusted machines (home
PCs) which may or may not have the right software/operating system parts.
Certificates, in general, do not appear to lend themselves to "blinding".
In this case, certificate verification processes seem flawed and highly
unreliable.
E.g. a merchant gets lots of data containing a bank(s) certificate, and
probably encrypted data.
Is this the death knell for STT/SEPP and ecash/echeque systems ???
Some ramblings and thoughts.
lyal