Re: kocher's timing attack
On Firewalls, "Jonathan M. Bresler" <[email protected]> said:
JMB> regarding kocher's timing attack paper:
JMB> RSA attack. only known ciphertext is needed. don't know how many
JMB> known ciphertexts are required (related to key size surely). the
JMB> paper's example is digital signature, rephrase that to Alice signs
JMB> Bob's public key certifying that (you know the story). After
JMB> several large key signing parties hundreds of known ciphertexts
JMB> could have been generated using Alice's key--each one a public key
JMB> of someone else. over several years it piles up. the known
JMB> ciphertexts can be tested/analyzed to yield Alice's secret key.
JMB> ouch. ;/
Are you sure about this? It would seem that the same principle
would then apply to signed messages as well, and I find it a bit hard to
believe that signing messages would make one's key pair vulnerable.
--
#include <disclaimer.h> /* Sten Drescher */
To get my PGP public key, send me email with your public key and
Subject: PGP key exchange
Key fingerprint = 90 5F 1D FD A6 7C 84 5E A9 D3 90 16 B2 44 C4 F3
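The countermeasure Kocher's paper proposes for exactly the signing scenario JMB describes is blinding: before the private-exponent operation the signer multiplies the input by r^e for a fresh random r, so the secret-key arithmetic runs on a value the observer cannot predict, and r is divided out afterwards. The following is an added illustration of that technique, not code from either poster; the tiny RSA key (n = 3233, e = 17, d = 2753) is a constructed toy for readability, and a real implementation would use a full-size key and the library's own constant-time primitives.

```python
import math
import secrets

# Constructed toy RSA key (p = 61, q = 53); far too small for real use.
TOY_N = 3233
TOY_E = 17
TOY_D = 2753


def rsa_sign_unblinded(m: int, d: int, n: int) -> int:
    # Naive signing: the secret-exponent operation runs directly on m, a value
    # the observer knows, so its running time can be correlated with the
    # observer's guesses about the bits of d across many signatures.
    return pow(m, d, n)


def rsa_sign_blinded(m: int, d: int, e: int, n: int) -> int:
    # Kocher-style blinding: pick a random r coprime to n, sign r^e * m instead
    # of m, then strip r from the result. Since (r^e * m)^d = r * m^d (mod n),
    # multiplying by r^-1 yields the ordinary signature m^d mod n.
    while True:
        r = secrets.randbelow(n - 2) + 2       # r in [2, n-1]
        if math.gcd(r, n) == 1:
            break
    blinded_input = (pow(r, e, n) * m) % n      # r^e * m mod n
    blinded_sig = pow(blinded_input, d, n)      # = r * m^d mod n
    r_inv = pow(r, -1, n)                       # modular inverse (Python 3.8+)
    return (blinded_sig * r_inv) % n


def rsa_verify(sig: int, m: int, e: int, n: int) -> bool:
    # Standard verification: recover m from the signature with the public key.
    return pow(sig, e, n) == m % n


def demo() -> bool:
    # Blinding changes what the private operation sees, never the signature:
    # every blinded signature equals the unblinded one and verifies normally.
    for m in (65, 1234, 3000):
        plain = rsa_sign_unblinded(m, TOY_D, TOY_N)
        for _ in range(5):                      # different r each time
            blinded = rsa_sign_blinded(m, TOY_D, TOY_E, TOY_N)
            if blinded != plain or not rsa_verify(blinded, m, TOY_E, TOY_N):
                return False
    return True


if __name__ == "__main__":
    print("blinding preserves signatures:", demo())
```

Blinding does not change the running time of the exponentiation itself; it removes the attacker's knowledge of the operand, which is what the timing statistics depend on.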