[45331] in Cypherpunks


Re: Timing Cryptanalysis Attack

daemon@ATHENA.MIT.EDU (Bill Frantz)
Wed Dec 13 14:10:52 1995

Date: Wed, 13 Dec 1995 10:14:42 -0800
To: "Josh M. Osborne" <stripes@va.pubnix.com>,
        Peter Monta <pmonta@qualcomm.com>
From: frantz@netcom.com (Bill Frantz)
Cc: cypherpunks@toad.com, Matt Blaze <mab@crypto.com>

At  8:30 12/13/95 -0500, Josh M. Osborne wrote:
>In message <199512120056.QAA16055@mage.qualcomm.com>, Peter Monta writes:
>>> Of course, this works against a remote adversary, but not against one
>>> on the same machine who can look at actual CPU consumption (which doesn't
>>> increase when the target is blocked).
>>
>>Maybe this is a good reason to spinwait, rather than sleep, until
>>the timer expires.  It would be pretty subtle to distinguish that
>>from "real" computation.
>
>Across a net it should be hard.  On the same CPU it may be easy.  Some
>CPUs with hardware branch prediction keep track of how many branches were
>correctly and incorrectly predicted.  These registers are not always
>protected, and not always "made virtual" by the OS.

Of course you can spend the time doing exponentiation of random
(pseudorandom would probably do) numbers, and when the timer pops, longjump
out to return your answer.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA
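The countermeasure Bill describes, filling the dead time with real exponentiations rather than sleeping so that a local observer watching CPU consumption sees the same thing a remote observer watching the clock does, as an added example that is not code from the original thread. The functions padded_modexp and profile, the 512-bit operands and the 50 ms budget are constructed for illustration, and the deadline is polled between dummy operations instead of using a timer signal and longjmp.

```python
import secrets
import time


def padded_modexp(base, exp, mod, budget_s, spin=True):
    """Compute pow(base, exp, mod) inside a fixed time budget.

    spin=True : burn the leftover budget doing exponentiations of random
                operands of the same size (CPU stays busy, as Bill suggests).
    spin=False: sleep until the deadline (wall-clock is masked, but a local
                observer sees CPU consumption drop when the real work ends).
    Returns (result, overran); overran=True means the real work exceeded the
    budget, so its timing was NOT masked and the budget must be raised.
    """
    deadline = time.perf_counter() + budget_s
    result = pow(base, exp, mod)
    overran = time.perf_counter() >= deadline
    bits = mod.bit_length()
    while time.perf_counter() < deadline:
        if spin:
            # Dummy work with fresh random operands; the result is discarded.
            pow(secrets.randbits(bits) % mod, secrets.randbits(bits), mod)
        else:
            time.sleep(0.001)
    return result, overran


def profile(spin, budget_s=0.05):
    """Return (wall_seconds, cpu_seconds, result, overran) for a constructed
    512-bit modular exponentiation (operands are NOT a real key)."""
    mod = (1 << 511) + 187          # constructed odd modulus
    base = 0x5EED_1234_5678_9ABC    # constructed base
    exp = (1 << 500) + 0xF00D_F00D  # constructed exponent
    w0, c0 = time.perf_counter(), time.process_time()
    result, overran = padded_modexp(base, exp, mod, budget_s, spin)
    return (time.perf_counter() - w0, time.process_time() - c0,
            result, overran)


if __name__ == "__main__":
    for spin in (True, False):
        wall, cpu, _, overran = profile(spin)
        print(f"spin={spin}: wall={wall:.3f}s cpu={cpu:.3f}s overran={overran}")
```

Both variants take the same wall-clock time, but only the spinning one keeps the CPU-time figure close to the budget; watching process CPU time is exactly the local-observer measurement the thread is worried about.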
