Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Timing attack against RSA private keys.

From: Francois Koeune <fkoeune () dice ucl ac be>
Date: Wed, 26 Mar 2003 16:53:13 +0100
I read your post describing Brumley-Boneh's timing attack with much
interest.

However, I feel a bit sceptical about the second countermeasure you
suggest, namely to use larger RSA keys. I am not familiar with details
of Brumley-Boneh's attack, but usually timing attacks' complexity does
not increase dramatically with key size. For example, the timing
attack against RSA without CRT needed 1000-2000 messages to break a
128-bit key, and 5000-10000 messages to break a 512-bit key [1]. If I
remember correctly, Schindler's attack against RSA with CRT (which is
the basis of Brumley-Boneh's attack) evolves similarly with key sizes.

I think it might be risky to conclude that the attack is not practical
against larger keys, simply because the authors present their attack
in a 1024-bit context.

[1] http://www.dice.ucl.ac.be/~fkoeune/thesis.ps.gz

--
 Francois Koeune

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: