Timing Cryptanalysis Attack
Jim Gillogly
jim at acm.org
Tue Dec 12 13:54:04 PST 1995
> Nathaniel Borenstein <nsb at nsb.fv.com> writes:
> Hey, don't go for constant time, that's too hard to get perfect. Add a
> *random* delay. This particular crypto-flaw is pretty easy to fix.
> (See, I'm not *always* arguing the downside of cryptography!)
Random delay may be harder to get perfect than constant time. Note that
the actual time for the transaction is the minimum of all the transaction
times you measure, since you can't add a negative delay to them. It's
presumably even easier if the random distribution is known. Adding a
random delay means more transactions are required to find each new bit,
but information is still leaking.
> It is worth noting, however, the extent to which "secure" cryptographic
> protocols keep needing to get fixed one last time.... -- Nathaniel
Amen...
Jim Gillogly
Trewesday, 21 Foreyule S.R. 1995, 19:16
More information about the cypherpunks-legacy
mailing list