Eggs, or, To Get Some Entropy You Gotta Break Some Eggs...

[tcmay@got.net (Timothy C. May)]

(Amazing that a discussion of eggs could come back to crypto...)

At 2:17 AM 1/16/96, Rich Graves wrote:

>Kind of analogous to an engineer like Paul Kocher taking a hard look at
>crypto systems that had only been analyzed by pure mathematicians. You
>need to feed the sniffers real entropy, not just highly evolved math.

I keep thinking of different ways of looking at Kocher's timing attack.

(Paul Kocher gave a nice talk at the Bay Area Cypherpunks meeting on Saturday.)

Rich's point above suggests yet another way of looking at this: that a chip
or algorithm that can be "instrumented" (timing measured) is in some sense
too predictable. The chip itself lacks sufficient entropy.

(Before the purists, especially those who've read the paper closely, jump
on me here, I'm not saying adding random delays is the best way to deter
the attack. In fact, a variation of blinding is the best approach it seems.
(Though blinding does not affect attacks which monitor the crypto chip's or
CPU's power dissipation.))

My point, or this angle on it, is that to some extent the mechanistic
nature of the encryption process (such as Diffie-Hellman) can leak
information to an attacker who can watch the mechanistic process unfolding.

This is a result which is not surprising, in retrospect.

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."