
Kocher's RSA attack

I read Kocher's paper, but I question its applicability.  One of his
premises is that the time of a modular multiplication varies with
the data.  I've checked my code for modular multiplication, and
the clock cycles to execute don't depend on the data at all.  The
same instructions get executed, and assuming the processor has a
hardware multiply, they take the same time.

When I timed the modular multiplication, I was able to detect some
slight variation, but I attribute this to cache misses, as the variance
with the same data was the same as the variance with different data.

Apparently RSAREF has modular multiplies which vary significantly
with the data, but I maintain this is not necessary.

A good test case for his analysis might be to pull a secret key
from a smart card.  If, say, the Capstone chip modular multiplication
has some timing anomalies, this might be a good way to defeat the
Fortezza card.

Roger Schlafly
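As an added example, not from the post or from Kocher's paper, here is a 64-bit shift-and-add modular multiplier written two ways (a constructed model of the kind of arithmetic a smart card would run, assuming a, b < n < 2^63): the first takes its subtraction by the modulus only when the data requires it, so its instruction count varies with the operands as Kocher's premise assumes; the second does the same work through masks so every input runs the same instructions, which is the property the post says a multiplier can have.

```c
#include <stdint.h>

/* Constructed 64-bit model (a, b < n < 2^63, so 2*r and r + a never overflow);
 * both routines compute (a * b) mod n by shift-and-add.
 * Data-dependent version: the subtraction by n runs only when the running value
 * reaches n, so the instruction count follows the operands. `steps`, if
 * non-NULL, receives the number of subtractions taken. */
uint64_t mulmod_variable(uint64_t a, uint64_t b, uint64_t n, unsigned *steps)
{
    uint64_t r = 0;
    unsigned taken = 0;
    for (int i = 63; i >= 0; i--) {
        r <<= 1;
        if (r >= n) { r -= n; taken++; }
        if ((b >> i) & 1) { r += a; if (r >= n) { r -= n; taken++; } }
    }
    if (steps) *steps = taken;
    return r;
}

/* How many data-dependent subtractions a given operand pair triggers. */
unsigned subtractions_taken(uint64_t a, uint64_t b, uint64_t n)
{
    unsigned s = 0;
    mulmod_variable(a, b, n, &s);
    return s;
}

/* Branch-free "r - n if r >= n, else r": derive the borrow bit arithmetically, select by mask. */
static uint64_t ct_reduce(uint64_t r, uint64_t n)
{
    uint64_t d = r - n;
    uint64_t borrow = ((~r & n) | (~(r ^ n) & d)) >> 63; /* 1 when r < n */
    uint64_t keep_d = borrow - 1;              /* all-ones when r >= n */
    return (d & keep_d) | (r & ~keep_d);
}

/* Constant-time version: every iteration executes the same instructions; data only
 * selects among values already computed. A compiler may reintroduce branches, so check the object code too. */
uint64_t mulmod_constant(uint64_t a, uint64_t b, uint64_t n)
{
    uint64_t r = 0;
    for (int i = 63; i >= 0; i--) {
        r = ct_reduce(r << 1, n);
        uint64_t with_a = ct_reduce(r + a, n);
        uint64_t bit = 0 - ((b >> i) & 1);  /* all-ones when bit i of b is set */
        r = (with_a & bit) | (r & ~bit);
    }
    return r;
}
```

A constant instruction count is necessary but not sufficient: a multiplier whose latency depends on operand values, or the cache effects the post mentions, can still leave a timing signal that only measurement on the real hardware will reveal.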