[45326] in Cypherpunks
Re: Timing Cryptanalysis Attack
daemon@ATHENA.MIT.EDU (Adam Shostack)
Wed Dec 13 09:58:36 1995
From: Adam Shostack <adam@homeport.org>
To: remailer@armadillo.com (Armadillo Remailer)
Date: Wed, 13 Dec 1995 09:39:52 -0500 (EST)
Cc: cypherpunks@toad.com
In-Reply-To: <199512131315.HAA01726@monad.armadillo.com> from "Armadillo Remailer" at Dec 13, 95 07:15:01 am
Armadillo Remailer wrote:
| >My gut & scribble-on-the-back-of-a-napkin feeling about this class of
| >attack is that it could be a problem for smartcards (almost certainly)
|
| Is it a problem to create smartcards that do their calculations in
| fixed time? I'd guess it should be easier than on multi-purpose
| hardware.
Not if the fixed time is in weeks.
If you read the Crypto proceedings, you'll find a number of
papers on using an (untrusted) CPU, such as that in a cash machine, to
aid a smartcard. This is because the CPUs in smartcards are very
slow.
Maximchuck, at Bell Labs, has a protocol for Anonymous Credit
Cards which uses pre-chosen private keys between correspondants and a
set of remailers to anonymize credit card transactions with respsect
to a merchant. (The bank still knows who's buying how much, and I
think where.) Anyway, he freely admits that the reason for private
key work is their cards couldn't handle the public key operations.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
