Full Disclosure mailing list archives
Re: Timing attack against RSA private keys.
From: Francois Koeune <fkoeune () dice ucl ac be>
Date: Wed, 26 Mar 2003 16:53:13 +0100
I read your post describing Brumley-Boneh's timing attack with much interest. However, I feel a bit sceptical about the second countermeasure you suggest, namely to use larger RSA keys. I am not familiar with details of Brumley-Boneh's attack, but usually timing attacks' complexity does not increase dramatically with key size. For example, the timing attack against RSA without CRT needed 1000-2000 messages to break a 128-bit key, and 5000-10000 messages to break a 512-bit key [1]. If I remember correctly, Schindler's attack against RSA with CRT (which is the basis of Brumley-Boneh's attack) evolves similarly with key sizes. I think it might be risky to conclude that the attack is not practical against larger keys, simply because the authors present their attack in a 1024-bit context. [1] http://www.dice.ucl.ac.be/~fkoeune/thesis.ps.gz -- Francois Koeune _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Timing attack against RSA private keys. hack4life (Mar 15)
- <Possible follow-ups>
- Re: Timing attack against RSA private keys. Francois Koeune (Mar 26)