[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Blinding against Kocher's timing attacks

To: [email protected]
Subject: Blinding against Kocher's timing attacks
From: [email protected] (Johansson Lars)
Date: Tue, 12 Dec 1995 16:10:00 +0100
Sender: [email protected]



Ron Rivest wrote (at sci.crypt):
>The simplest way to defeat Kocher's timing attack is to ensure that the
>cryptographic computations take an amount of time that does not depend on 
the
>data being operated on.  For example, for RSA it suffices to ensure that
>a modular multiplication always takes the same amount of time, independent 
of
>the operands.
>
>A second way to defeat Kocher's attack is to use blinding: you "blind" the
>data beforehand, perform the cryptographic computation, and then unblind
>afterwards.  For RSA, this is quite simple to do.  (The blinding and
>unblinding operations still need to take a fixed amount of time.) This 
doesn't
>give a fixed overall computation time, but the computation time is then a
>random variable that is independent of the operands.

Does anyone know whether David Chaum's patent on
blind digital signatures extends to this application?

Kind regards,
/Lars Johansson

[email protected]
http://www.ausys.se/defaulte.htm

Prev by Date: Hacking FV is just no fun (was Re: More FUD from First Virtual [NOISE])
Next by Date: Re: Timing Attack Paper
Prev by thread: Today's Baltimore Sun on the NSA...
Next by thread: Re: Blinding against Kocher's timing attacks
Index(es):
- Date
- Thread