Re: [Taler] Fault attacks on RSA in libgcrypt
From: Jeff Burdges
Subject: Re: [Taler] Fault attacks on RSA in libgcrypt
Date: Wed, 24 Aug 2016 17:47:11 +0200
On Wed, 2016-08-24 at 15:25 +0200, Werner Koch wrote:
> I do not have the time to read that paper right now. We recently had
> a similar thing with gpgv and dpkg and it was not clear whether we can
> do anything about it anyway.
>
> Wouldn't a signature verification after creation catch that fault?
I donno. There are definitely some provable security artifacts here
where just to make the proof scheme make sense they must hypothesize a
ridiculously strong adversary.
I now think the more promising approach is
http://dl.acm.org/citation.cfm?doid=1873548.1873556
which is not what I implemented in this patch sadly.
I think this better approach still focuses excessively on fault attacks,
but the methods employed look useful for defeating timing attack
protections too.
At present, I know too little about timing attack protections in RSA,
but maybe we can find a scheme whose real payoff is timing attack
protections, while giving a measure of fault attack protections.
Jeff