[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] Fault attacks on RSA in libgcrypt

From: Jeff Burdges
Subject: Re: [Taler] Fault attacks on RSA in libgcrypt
Date: Wed, 24 Aug 2016 17:47:11 +0200

On Wed, 2016-08-24 at 15:25 +0200, Werner Koch wrote:
> I do not have the time to read that paper right now.  We recently had
> a similar thing with gpgv and dpkg and it was not clear whether we can
> do anything about it anyway.
> Wouldn't a signature verification after creation catch that fault?

I donno.  There are definitely some provable security artifacts here
where just to make the proof scheme make sense they must hypothesize a
ridiculously strong adversary. 

I now think the more promising approach is 
which is not what I implemented in this patch sadly. 

I think this better approach still focuses excessively on fault attacks,
but the methods employed look useful for defeating timing attack
protections too. 

At present, I know too little about timing attack protections in RSA,
but maybe we can find a scheme whose real payoff is timing attack
protections, while giving a measure of fault attack protections.


Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to

[Prev in Thread] Current Thread [Next in Thread]