Nathaniel Borenstein <nsb@nsb.fv.com> writes: Hey, don't go for constant time, that's too hard to get perfect. Add a *random* delay. This particular crypto-flaw is pretty easy to fix. (See, I'm not *always* arguing the downside of cryptography!)
Random delay may be harder to get perfect than constant time. Note that the actual time for the transaction is the minimum of all the transaction times you measure, since you can't add a negative delay to them. It's presumably even easier if the random distribution is known. Adding a random delay means more transactions are required to find each new bit, but information is still leaking.
It is worth noting, however, the extent to which "secure" cryptographic protocols keep needing to get fixed one last time.... -- Nathaniel
Amen... Jim Gillogly Trewesday, 21 Foreyule S.R. 1995, 19:16