Paul Kocher's timing attack

Paul Kocher's brutally clever timing attack against on-line implementations of RSA, DSA and fixed-exponent Diffie-Hellman is reported on page A1 of Monday's New York Times ("Secure Digital Transactions Just Got a Little Less Secure" by John Markoff). The attack requires only a few thousand ciphertext samples and works against most implementations of public-key cryptosystems in which the attacker can measure accurately the target's computation time for each sample. I think Kocher's paper is online somewhere; I'll post the URL when I find it.

-matt

John Lull wrote:
ftp://ftp.cryptography.com/pub/kocher_timing_attack.ps
ftp://ftp.cryptography.com/pub/kocher_timing_attack.ps.gz

The ftp server does not seem to be working. You are better off starting at http://ftp.cryptography.com or going directly to http://ftp.cryptography.com//timingattack.html

PK
--
Philip L. Karlton karlton@netscape.com
Principal Curmudgeon http://www.netscape.com/people/karlton
Netscape Communications

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
- Benjamin Franklin

You can find info about Paul's attack at: http://www.cryptography.com

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

participants (4)
- Jeff Weinstein
- lull@acm.org
- Matt Blaze
- Phil Karlton