Newsgroups: sci.crypt
From: Ron Rivest <rivest>
Date: 1995/12/11
Subject: Re: Announce: Timing cryptanalysis of RSA, DH, DSS
The simplest way to defeat Kocher's timing attack is to ensure that the
cryptographic computations take an amount of time that does not depend on the
data being operated on.  For example, for RSA it suffices to ensure that
a modular multiplication always takes the same amount of time, independent of
the operands.

A second way to defeat Kocher's attack is to use blinding: you "blind" the
data beforehand, perform the cryptographic computation, and then unblind
afterwards.  For RSA, this is quite simple to do.  (The blinding and
unblinding operations still need to take a fixed amount of time.) This doesn't
give a fixed overall computation time, but the computation time is then a
random variable that is independent of the operands.
--
==============================================================================
Ronald L. Rivest  617-253-5880  617-253-8682(Fax) riv...@theory.lcs.mit.edu
==============================================================================
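The blinding approach described in the post, as an added example in Python that is not part of the original message. The toy key built from two Mersenne primes is a constructed assumption (far too small for real use) chosen only so the arithmetic is easy to check; the blinding factor r is fresh for every private operation, and the post's requirement that the blind and unblind multiplications themselves run in fixed time is left to the underlying modular multiplication.

```python
import math
import secrets

# Constructed toy key (NOT a real key): p = 2^31 - 1 and q = 2^61 - 1 are
# Mersenne primes, giving a modulus of about 92 bits. e = 65537 is coprime
# to (p-1)(q-1), so the private exponent d exists.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python >= 3.8)


def rsa_private_plain(m: int) -> int:
    """Unblinded private operation: the exponentiation works on m itself,
    so with a data-dependent modular multiplication its timing leaks
    information about m and d (Kocher's attack)."""
    return pow(m, D, N)


def rsa_private_blinded(m: int, r=None):
    """Blinded private operation as described in the post.

    Returns (result, blinded_input). The exponentiation only ever sees
    blinded_input = m * r^e mod N, which for a random r is a uniformly
    random element of Z_N^*, so its running time is independent of m.
    """
    if r is None:
        # Fresh blinding factor r in [2, N-1] with gcd(r, N) = 1.
        while True:
            r = secrets.randbelow(N - 2) + 2
            if math.gcd(r, N) == 1:
                break
    r_inv = pow(r, -1, N)                       # unblinding factor r^-1 mod N
    blinded_input = (m * pow(r, E, N)) % N      # blind:   m * r^e
    blinded_output = pow(blinded_input, D, N)   # (m * r^e)^d = m^d * r mod N
    result = (blinded_output * r_inv) % N       # unblind: multiply by r^-1
    return result, blinded_input


def rsa_public(s: int) -> int:
    """Public operation, used to confirm that unblinding recovered m^d."""
    return pow(s, E, N)
```

Running the blinded operation twice on the same m yields the same result while the exponentiation sees two unrelated inputs, which is exactly the property the post relies on.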