Re: Timing Cryptanalysis Attack
Armadillo Remailer wrote:
| >My gut & scribble-on-the-back-of-a-napkin feeling about this class of
| >attack is that it could be a problem for smartcards (almost certainly)
|
| Is it a problem to create smartcards that do their calculations in
| fixed time? I'd guess it should be easier than on multi-purpose
| hardware.
Not if the fixed time is in weeks.
If you read the Crypto proceedings, you'll find a number of
papers on using an (untrusted) CPU, such as that in a cash machine, to
aid a smartcard. This is because the CPUs in smartcards are very
slow.
Maximchuck, at Bell Labs, has a protocol for Anonymous Credit
Cards which uses pre-chosen private keys between correspondents and a
set of remailers to anonymize credit card transactions with respect
to a merchant. (The bank still knows who's buying how much, and I
think where.) Anyway, he freely admits that the reason for private
key work is their cards couldn't handle the public key operations.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume