Re: Timing Cryptanalysis Attack
Simon Spero <ses@tipper.oit.unc.edu> writes:
My gut & scribble-on-the-back-of-a-napkin feeling about this class of attack is that it could be a problem for smartcards (almost certainly)
Is it a problem to create smartcards that do their calculations in fixed time? I'd guess it should be easier than on multi-purpose hardware. Does the attack work for existing smartcards?
Armadillo Remailer wrote:
| >My gut & scribble-on-the-back-of-a-napkin feeling about this class of
| >attack is that it could be a problem for smartcards (almost certainly)
|
| Is it a problem to create smartcards that do their calculations in
| fixed time? I'd guess it should be easier than on multi-purpose
| hardware.

Not if the fixed time is in weeks. If you read the Crypto proceedings, you'll find a number of papers on using an (untrusted) CPU, such as that in a cash machine, to aid a smartcard. This is because the CPUs in smartcards are very slow.

Maxemchuk, at Bell Labs, has a protocol for Anonymous Credit Cards which uses pre-chosen private keys between correspondents and a set of remailers to anonymize credit card transactions with respect to a merchant. (The bank still knows who's buying how much, and I think where.) Anyway, he freely admits that the reason for private key work is their cards couldn't handle the public key operations.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
    -Hume
participants (2): Adam Shostack, Armadillo Remailer
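An added example, not part of either message: it illustrates the fixed-time question raised in the thread by counting modular multiplications, assuming the public key operation is a modular exponentiation. The function names, modulus and exponents are constructed for illustration.

```python
# Added illustration. Counts modular multiplications instead of measuring
# wall-clock time, so the comparison is deterministic.

def modexp_square_and_multiply(base, exp, mod):
    """Left-to-right binary exponentiation: the extra multiply happens only
    on 1 bits, so the amount of work depends on the secret exponent."""
    result, ops = 1, 0
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        ops += 1
        if bit == "1":
            result = (result * base) % mod
            ops += 1
    return result, ops

def modexp_ladder(base, exp, mod, nbits):
    """Montgomery ladder over a fixed bit length: one multiply and one
    square per bit, whatever the bit value. Only the operation count is
    fixed here; a real card would also need a branch-free selection and
    constant-time multiplication, which Python does not provide."""
    r0, r1, ops = 1, base % mod, 0
    for i in range(nbits - 1, -1, -1):
        if (exp >> i) & 1:
            r0, r1 = (r0 * r1) % mod, (r1 * r1) % mod
        else:
            r0, r1 = (r0 * r0) % mod, (r0 * r1) % mod
        ops += 2
    return r0, ops

def compare(nbits=16):
    """Return {exponent: (variable_ops, fixed_ops)} for two constructed
    exponents of equal length but different Hamming weight."""
    mod, base = 2**61 - 1, 3           # constructed sample values
    out = {}
    for exp in (0x8001, 0xFFFF):       # 2 one-bits vs 16 one-bits
        v, v_ops = modexp_square_and_multiply(base, exp, mod)
        f, f_ops = modexp_ladder(base, exp, mod, nbits)
        assert v == f == pow(base, exp, mod)
        out[exp] = (v_ops, f_ops)
    return out

if __name__ == "__main__":
    for exp, (v_ops, f_ops) in compare().items():
        print(f"exp={exp:#06x} square-and-multiply={v_ops} ladder={f_ops}")
```

The fixed-count version always pays the worst-case cost, which is the trade-off the reply points to for slow smartcard CPUs.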