CryptoLib includes the following: [...] quantization (Defense against Kocher's timing attack) quantized RSA, DSA and El Gamal private key operations.
Maybe this is an incorrect conclusion, but there seems to be a _second_ group who knew about Kocher's timing attack before Kocher did. What on earth would ECash or ATT have to gain by keeping such knowledge a secret?
-- Will
Although it's very tempting to come up with an elaborate confession to being part of the big conspiracy of the powers-that-be to suppress our most brilliant cryptologic discoveries, I must admit that in fact you have reached an incorrect conclusion. I added the quantization stuff to CryptoLib over the weekend right after I read Kocher's paper. I posted the routines to cypherpunks and sci.crypt yesterday. You must have missed it.

Also, it should be pointed out that the idea that timing information can leak information (like bit density) about keys has been well-known for a long time. I understand that NSA cryptosystems have long required fixed response time for some (but not all...) cryptographic primitives in comsec equipment. But understanding that timing information might be a threat in principle is not the same as understanding how to exploit it in practice. Kocher's observations are very, very surprising.

-matt
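To make the "quantization" idea concrete, here is an added illustration (not CryptoLib's code, and not anything Matt posted) of the defence the thread is discussing: a private-key operation whose running time tracks the exponent's bit density, wrapped so that its wall-clock time is always padded up to a whole multiple of a fixed quantum. The modulus, exponents and quantum below are constructed values chosen to keep the demo fast; `quantize_ns`, `quantized`, `leaky_modexp` and `measure_ns` are names invented for this example.

```python
import time

def quantize_ns(elapsed_ns: int, quantum_ns: int) -> int:
    """Round elapsed_ns up to the next multiple of quantum_ns.

    Integer arithmetic throughout, so there is no floating-point rounding
    to argue about: quantize_ns(12_300, 10_000) == 20_000.
    """
    if quantum_ns <= 0:
        raise ValueError("quantum must be positive")
    return -(-elapsed_ns // quantum_ns) * quantum_ns   # ceiling division

def quantized(fn, quantum_ns: int):
    """Wrap fn so that every call takes a whole number of quanta of wall time.

    The result is computed first; the wrapper then idles until the next
    quantum boundary. An observer outside the wrapper sees only the bucket,
    never the raw data-dependent time of fn itself.
    """
    def wrapper(*args, **kwargs):
        start = time.perf_counter_ns()
        result = fn(*args, **kwargs)
        elapsed = time.perf_counter_ns() - start
        # Always pad to at least one full quantum, even for a near-zero elapsed.
        target = start + max(quantize_ns(elapsed, quantum_ns), quantum_ns)
        # Coarse sleep for most of the remainder (sleep() overshoots slightly),
        # then spin for the last millisecond to land close to the boundary.
        remaining = target - time.perf_counter_ns()
        if remaining > 2_000_000:
            time.sleep((remaining - 1_000_000) / 1e9)
        while time.perf_counter_ns() < target:
            pass
        return result
    return wrapper

def leaky_modexp(base: int, exp: int, mod: int) -> int:
    """Textbook left-to-right square-and-multiply.

    Each 1 bit of the exponent costs one extra modular multiply, so the
    running time reflects the key's bit density, the kind of leak the
    message above refers to. This is the operation the wrapper protects.
    """
    result = 1
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        if bit == "1":
            result = (result * base) % mod
    return result

def measure_ns(fn, *args) -> int:
    """Wall-clock time of one call to fn, in nanoseconds."""
    start = time.perf_counter_ns()
    fn(*args)
    return time.perf_counter_ns() - start

if __name__ == "__main__":
    # Constructed demo values: a 256-bit odd modulus and two exponents of the
    # same length but very different Hamming weight.
    MOD = (1 << 255) + 12345
    LOW_WEIGHT = (1 << 255) | 1            # two 1 bits
    HIGH_WEIGHT = (1 << 256) - 1           # all 256 bits set
    QUANTUM_NS = 5_000_000                 # 5 ms buckets

    raw_low = measure_ns(leaky_modexp, 3, LOW_WEIGHT, MOD)
    raw_high = measure_ns(leaky_modexp, 3, HIGH_WEIGHT, MOD)
    print(f"raw:       low-weight {raw_low} ns, high-weight {raw_high} ns")

    safe_modexp = quantized(leaky_modexp, QUANTUM_NS)
    q_low = measure_ns(safe_modexp, 3, LOW_WEIGHT, MOD)
    q_high = measure_ns(safe_modexp, 3, HIGH_WEIGHT, MOD)
    print(f"quantized: low-weight {q_low} ns, high-weight {q_high} ns")
    assert safe_modexp(3, LOW_WEIGHT, MOD) == pow(3, LOW_WEIGHT, MOD)
```

The caveat a practitioner should keep in mind: quantization only hides the timing if the quantum is larger than the worst-case running time of the operation, so that every call lands in the same bucket. A quantum smaller than that still leaks which bucket a key falls into, just at coarser resolution, and the padding loop itself must not be observable by other means (cache, power) for the defence to hold.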