[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Timing Cryptanalysis Attack
Armadillo Remailer ([email protected]) wrote:
>Simon Spero <[email protected]> writes:
>
>>My gut & scribble-on-the-back-of-a-napkin feeling about this class of
>>attack is that it could be a problem for smartcards (almost certainly)
>
>Is it a problem to create smartcards that do their calculations in
>fixed time? I'd guess it should be easier than on multi-purpose
>hardware.
>
>Does the attack work for existing smartcards?
At first glance, smart cards would seem to be the most critical target
to Kocher's timing attack since they usually operate in on-line
environments.
However, all RSA smart cards I'm aware of stores the result of the
RSA computation (be it decryption, signing or authentication)
internally and it can only be read using a Get_Response command.
Of course this may not be satisfying since the terminal could get a
(noisy) measure of the time by repeatingly use this command to
see when the result is available.
Most smart cards does nevertheless require that the user must first
specify a PIN code before the RSA algorithms are operationable.
This implies that even if the card gets stolen can't it be attacked
with Kocher's method.
/Lars Johansson
[email protected]