[45441] in Cypherpunks

Re: kocher's timing attack

daemon@ATHENA.MIT.EDU (Hal)
Fri Dec 15 10:18:25 1995

Date: Fri, 15 Dec 1995 06:57:23 -0800
From: Hal <hfinney@shell.portal.com>
To: dreschs@austnsc.tandem.com, jmb@FreeBSD.ORG
Cc: cypherpunks@toad.com

From: dreschs@austnsc.tandem.com (Sten Drescher)
> On Firewalls, "Jonathan M. Bresler" <jmb@FreeBSD.ORG> said:
> JMB> After
> JMB> several large key signing parties hundreds of known ciphertexts
> JMB> could have been generated using Alice's key--each one a public key
> JMB> of someone else.  over several years it piles up.  the known
> JMB> ciphertexts can be tested/analyzed to yield Alice's secret key.
> JMB> ouch.  ;/
> 
> 	Are you sure about this?  It would seem that the same principle
> would then apply to signed messages as well, and I find it a bit hard to
> believe that signing messages would make one's key pair vulnerable.

As Kocher's paper implies, the known ciphertext attack is a TIMING
attack.  Simply accumulating known text/signature pairs as you would have
after a "key signing party" does not help.  You must know exactly how
much time each signature took.

Hal
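
Added example, not from Hal's post or from Kocher's paper: a toy RSA signer in Python with a constructed operation counter standing in for a stopwatch. It shows that the signature itself carries no timing information (signing the same message twice gives identical output), that the cost is a fixed function of the signed value, and how the blinding countermeasure from Kocher's paper decouples that cost from the message an observer knows. The key, the cost model and the function names are all assumptions.

```python
import math
import secrets

# Constructed toy RSA key: far too small for real use, chosen so the
# arithmetic is easy to follow. N = 61 * 53, and E * D = 1 mod lcm(60, 52).
N, E, D = 3233, 17, 2753


def _mul(a, b, mod, cost):
    """Modular multiply with a crude, data-dependent cost model.

    Every multiply costs 1 unit; when the product exceeds the modulus a
    reduction step is needed, costing 1 more. Whether that step happens
    depends on the operands, which is the kind of operand-dependent
    variation a timing attack measures. The counter is a stand-in for a
    stopwatch, not a model of any real implementation.
    """
    prod = a * b
    cost += 1
    if prod >= mod:
        cost += 1
    return prod % mod, cost


def modexp_timed(base, exp, mod):
    """Left-to-right square-and-multiply, returning (result, cost)."""
    result, cost = 1, 0
    for bit in bin(exp)[2:]:
        result, cost = _mul(result, result, mod, cost)
        if bit == "1":
            result, cost = _mul(result, base, mod, cost)
    return result, cost


def sign(message):
    """Plain RSA signing: the cost is a fixed function of the message, so an
    observer who can time each signature gets data that the signature/message
    pairs alone never reveal."""
    return modexp_timed(message % N, D, N)


def sign_blinded(message):
    """Blinding countermeasure: exponentiate message * r^E for a secret random r,
    then strip r. The signature is unchanged, but the cost now depends on r,
    which the observer does not know. pow(r, -1, N) needs Python 3.8+."""
    r = 0
    while r < 2 or math.gcd(r, N) != 1:
        r = secrets.randbelow(N)
    blinded = (message * pow(r, E, N)) % N
    sig, cost = modexp_timed(blinded, D, N)
    return (sig * pow(r, -1, N)) % N, cost


def verify(message, sig):
    return pow(sig, E, N) == message % N
```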
