[Cryptography] "Flip Feng Shui: Hammering a Needle in the Software Stack"

Jeff Burdges burdges at gnunet.org
Fri Sep 2 06:08:56 EDT 2016


On Fri, 2016-09-02 at 07:52 +0200, Florian Weimer wrote:
> Why bother with patching public keys, making them amenable to
> factorization, if you can patch executable code instead?
> 
> If you can target executable code (and I see why not, it's all the
> same to KSM), it is very clear that there cannot be a software-only
> defense.  (The authors try to frame this as a software problem which
> needs fixes in GnuPG etc.)

If your fault is random, then targeting the key is often more
profitable, à la Lenstra's attack on RSA.  I dunno if this holds for
elliptic curves though.

I'd expect however that executable code should actually be easier to
target since this attack depends upon deduplication.  There are
likely still limits in what you can accomplish though.

I suspect the answer might be improved schemes for randomized key
splitting, like this scheme for RSA from two Certicom guys:
http://dl.acm.org/citation.cfm?doid=1873548.1873556

That Certicom paper only really discusses fault attacks, but maybe
someone could show that their scheme or similar improves on other RSA
schemes at timing attack protection more generally.  That might give
the necessary impetus to adopt it.

Jeff
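The Lenstra observation Jeff refers to, as an added illustration that is not part of the list thread: with RSA-CRT, a fault that corrupts only one of the two half-exponentiations yields a signature that is still correct modulo one prime but wrong modulo the other, so gcd(s^e - m, N) drops out a factor. The same arithmetic is what makes "verify the signature before releasing it" an effective check. The primes, exponent and message below are constructed toy values (far too small for real use), and every function name is the example's own.

```python
from math import gcd

# Constructed toy RSA parameters; chosen small so the example runs instantly.
P = 1000003
Q = 1000033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)        # private exponent
DP = D % (P - 1)           # CRT exponent for the mod-p half
DQ = D % (Q - 1)           # CRT exponent for the mod-q half
QINV = pow(Q, -1, P)       # Garner recombination constant


def rsa_crt_sign(m, fault=None):
    """RSA-CRT signature of m.

    fault=None gives the correct signature; fault='p' or 'q' simulates a
    single bit flip in that half-exponentiation (constructed fault model),
    which is what a random memory fault during signing would look like.
    """
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault == 'p':
        sp ^= 1                      # corrupt the mod-p half only
    elif fault == 'q':
        sq ^= 1                      # corrupt the mod-q half only
    h = (QINV * (sp - sq)) % P
    return sq + Q * h


def verify(m, s):
    """Public-key check: s^e == m (mod N)."""
    return pow(s, E, N) == m % N


def lenstra_factor(m, s):
    """If s is correct modulo exactly one of p, q, gcd(s^e - m, N) is that prime.

    Returns the recovered factor, or None when s is fully correct (gcd == N)
    or bears no relation to m (gcd == 1).
    """
    g = gcd(pow(s, E, N) - m, N)
    return g if 1 < g < N else None


def safe_sign(m, fault=None):
    """Sign, then refuse to release anything that fails verification.

    This is the mitigation: a faulty half-signature never leaves the signer,
    so the gcd computation above has nothing to work with.
    """
    s = rsa_crt_sign(m, fault)
    if not verify(m, s):
        return None
    return s


if __name__ == "__main__":
    M = 123456789                                  # constructed message
    s_bad = rsa_crt_sign(M, fault='p')
    print("correct signature verifies:", verify(M, rsa_crt_sign(M)))
    print("faulty signature verifies: ", verify(M, s_bad))
    print("factor leaked by faulty sig:", lenstra_factor(M, s_bad))
    print("safe_sign releases faulty sig:", safe_sign(M, fault='p') is not None)
```

Note the asymmetry that makes the point in the thread: a fault in the mod-p half leaks q, and vice versa, and it does not matter which bit flipped or where, so a random, untargeted fault is enough. The check in safe_sign costs one public-key exponentiation per signature.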

