[45383] in Cypherpunks
Re: kocher's timing attack
daemon@ATHENA.MIT.EDU (Sten Drescher)
Thu Dec 14 12:09:10 1995
To: "Jonathan M. Bresler" <jmb@FreeBSD.ORG>
Cc: cypherpunks@toad.com
From: dreschs@austnsc.tandem.com (Sten Drescher)
Date: 14 Dec 1995 10:23:12 -0600
In-Reply-To: "Jonathan M. Bresler"'s message of Wed, 13 Dec 1995 19:32:01 -0500 (EST)
On Firewalls, "Jonathan M. Bresler" <jmb@FreeBSD.ORG> said:
JMB> regarding kocher's timing attack paper:
JMB> RSA attack. only known ciphertext is needed. don't know how many
JMB> known ciphertexts are required (related to key size surely). the
JMB> paper's example is digital signature, rephrase that to Alice signs
JMB> Bob's public key certifying that (you know the story). After
JMB> several large key signing parties hundreds of known ciphertexts
JMB> could have been generated using Alice's key--each one a public key
JMB> of someone else. over several years it piles up. the known
JMB> ciphertexts can be tested/analyzed to yield Alice's secret key.
JMB> ouch. ;/
Are you sure about this? It would seem that the same principle
would then apply to signed messages as well, and I find it a bit hard to
believe that signing messages would make one's key pair vulnerable.
--
#include <disclaimer.h> /* Sten Drescher */
To get my PGP public key, send me email with your public key and
Subject: PGP key exchange
Key fingerprint = 90 5F 1D FD A6 7C 84 5E A9 D3 90 16 B2 44 C4 F3
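As an added toy model (my own code, not part of this thread or of Kocher's paper, using a constructed textbook-sized key rather than a real one): a square-and-multiply signer whose work depends on the secret exponent's bits, a Montgomery ladder that does fixed work per bit, and the blinding step Kocher's paper describes as a countermeasure, all producing the same signature.

```python
# Toy illustration of why private-key exponentiation (signing) can leak
# through timing, and two mitigations. Key values are constructed textbook
# numbers (p=61, q=53), not a real key.
import secrets
from math import gcd

def square_and_multiply(base, exp, mod):
    """Left-to-right exponentiation. Returns (result, multiplications).
    The multiply count depends on the exponent's bits: a timing leak."""
    result, mults = 1, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod
        mults += 1
        if bit == '1':
            result = result * base % mod
            mults += 1
    return result, mults

def montgomery_ladder(base, exp, mod):
    """Same result, but exactly two multiplications per exponent bit
    whatever the bit's value, so the count no longer reveals the key."""
    r0, r1, mults = 1, base % mod, 0
    for bit in bin(exp)[2:]:
        if bit == '0':
            r1, r0 = r0 * r1 % mod, r0 * r0 % mod
        else:
            r0, r1 = r0 * r1 % mod, r1 * r1 % mod
        mults += 2
    return r0, mults

def blinded_sign(m, d, e, n):
    """Blinding: exponentiate m * r^e mod n for a fresh random r, then
    strip r from the result. The signer still does the leaky exponentiation,
    but an observer who knows m no longer knows the value that was raised
    to d, which removes the per-message correlation the attack needs."""
    r = secrets.randbelow(n - 2) + 2          # r in [2, n-1]
    while gcd(r, n) != 1:                      # toy modulus is tiny; retry
        r = secrets.randbelow(n - 2) + 2
    blinded = m * pow(r, e, n) % n
    s_blinded, _ = square_and_multiply(blinded, d, n)
    return s_blinded * pow(r, -1, n) % n

N, E, D = 3233, 17, 2753   # constructed textbook RSA key, d has 12 bits

def demo(m=65):
    """Return (signature, all three methods agree, naive ops, ladder ops)."""
    s_naive, naive_ops = square_and_multiply(m, D, N)
    s_ladder, ladder_ops = montgomery_ladder(m, D, N)
    s_blind = blinded_sign(m, D, E, N)
    return s_naive, s_naive == s_ladder == s_blind, naive_ops, ladder_ops
```

Run `demo()` to see the three methods agree while the naive operation count (17 for this d) differs from the ladder's fixed 24; changing d's Hamming weight moves the naive count but not the ladder's.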