[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kocher's timing attack

To: [email protected], [email protected]
Subject: Re: kocher's timing attack
From: Hal <[email protected]>
Date: Fri, 15 Dec 1995 06:57:23 -0800
Cc: [email protected]
Sender: [email protected]

From: [email protected] (Sten Drescher)
> On Firewalls, "Jonathan M. Bresler" <[email protected]> said:
> JMB> After
> JMB> several large key signing parties hundreds of known ciphertexts
> JMB> could have been generated using Alice's key--each one a public key
> JMB> of someone else.  over several years it piles up.  the known
> JMB> ciphertexts can be tested/analyzed to yield Alice's secret key.
> JMB> ouch.  ;/
> 
> 	Are you sure about this?  It would seem that the same principle
> would then apply to signed messages as well, and I find it a bit hard to
> believe that signing messages would make ones key pair vulnerable.

As Kocher's paper implies, the known ciphertext attack is a TIMING
attack.  Simply accumulating known text/signature pairs as you would have
after a "key signing party" does not help.  You must know exactly how
much time each signature took.

Hal

Follow-Ups:
- Re: kocher's timing attack
  - From: "Jonathan M. Bresler" <[email protected]>

Prev by Date: Re: Blinding against Kocher's timing at
Next by Date: Obfuscating traffic flow (Re: : Pornographic stories)
Prev by thread: Re: kocher's timing attack
Next by thread: Re: kocher's timing attack
Index(es):
- Date
- Thread