Blinding against Kocher's timing at
Johansson Lars
ljo at ausys.se
Fri Dec 15 08:28:39 PST 1995
Hal <hfinney at shell.portal.com> wrote:
>From: ljo at ausys.se (Johansson Lars)
>> Does anyone know whether David Chaum's patent on
>> blind digital signatures extends to this application?
[Parts omitted]
>It's conceivable that Kocher's blinding would be a patentable technique
>in itself, and not impossible that he has already applied for a patent
>before publishing. Probably he would have said so if that were his
>intention, though.
I just found this at RSA:s <http://www.rsa.com/rsaqa.htm> home page:
>Q: Has RSA been "broken"?
>
> A: No. The attack that Paul Kocher describes is academically
interesting, but it is >easy to defend systems against his attack using a
technique called
> "blinding", developed by Dr. Ron Rivest of RSA.
^^^^^^^^^^^^^^^^^^^^^^^^^
When did Dr. Rivest develop this "blinding" technique?
Was it pre or post Chaum?
Perhaps Rivest himself have applied for this patent.
More info from RSA:s home page:
> Another way is to use a technique called "blinding", in which a random
number
> is introduced into the decryption process, making it impossible to get any
useful >data out of timing these transactions.
>
>so instead of doing the usual RSA decryption:
>
> m = c^d mod n
>
>we perform:
>
> m = r^-1*(c*r^e)^d mod n
>
>where r is a random number, and is its inverse.
/Lars
More information about the cypherpunks-legacy
mailing list