[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Blinding against Kocher's timing attacks

To: [email protected], [email protected]
Subject: Re: Blinding against Kocher's timing attacks
From: Hal <[email protected]>
Date: Tue, 12 Dec 1995 13:27:19 -0800
Sender: [email protected]

From: [email protected] (Johansson Lars)
> Does anyone know whether David Chaum's patent on
> blind digital signatures extends to this application?

I don't think it would.  Chaum's blinding protocol has one major
difference: the blinding factor is applied by a different person than
the one doing the signing.  The purpose of the blinding is different,
too; in Chaum's case the idea is to end up with a signature which is
unknown to the signer, while with Kocher's "defensive blinding" the
signature (or decryption) is an ordinary RSA one, and the blinding is
just done internally by the signer to randomize the timing.

(I gather BTW that the idea of the blinding is for the server to have
pre-chosen a random r and pre-calculated r^d mod n, and then when he is
given c to decrypt he first does c*r mod n and then decrypts this, then
takes the result and divides by r^d.)

It's conceivable that Kocher's blinding would be a patentable technique
in itself, and not impossible that he has already applied for a patent
before publishing.  Probably he would have said so if that were his
intention, though.

Hal

"Blind defensively - watch out for the other guy..."

Prev by Date: SmartGate
Next by Date: Re: NT Password Security Update. Registry values changed!
Prev by thread: Blinding against Kocher's timing attacks
Next by thread: Re: Blinding against Kocher's timing attacks
Index(es):
- Date
- Thread