[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Blinding against Kocher's timing at





Hal <[email protected]> wrote:

>From: [email protected] (Johansson Lars)
>> Does anyone know whether David Chaum's patent on
>> blind digital signatures extends to this application?

[Parts omitted]

>It's conceivable that Kocher's blinding would be a patentable technique
>in itself, and not impossible that he has already applied for a patent
>before publishing.  Probably he would have said so if that were his
>intention, though.

I just found this at RSA:s <http://www.rsa.com/rsaqa.htm> home page:

>Q: Has RSA been "broken"?
>
>   A: No. The attack that Paul Kocher describes is academically 
interesting, but it is >easy to defend systems against his attack using a 
technique called
>   "blinding", developed by Dr. Ron Rivest of RSA.
                          ^^^^^^^^^^^^^^^^^^^^^^^^^
When did Dr. Rivest develop this "blinding" technique?
Was it pre or post Chaum?
Perhaps Rivest himself have applied for this patent.

More info from RSA:s home page:

> Another way is to use a technique called "blinding", in which a random 
number
> is introduced into the decryption process, making it impossible to get any 
useful >data out of timing these transactions.
>
>so instead of doing the usual RSA decryption:
>
>  m = c^d mod n
>
>we perform:
>
> m = r^-1*(c*r^e)^d mod n
>
>where r is a random number, and  is its inverse.

/Lars