Optimisation Considered Harmful
Victor Duchovni
Victor.Duchovni at MorganStanley.com
Fri Jun 24 01:25:37 EDT 2005
On Thu, Jun 23, 2005 at 07:36:38AM -0400, Jerrold Leichter wrote:
> - Develop algorithms that offer reasonable performance even if
> implemented in "unoptimized" ways. This will be difficult
> to maintain in the face of ever-increasing hardware optimiza-
> tions that you can't just turn off by "not using -O".
>
> - Live with less performance and hope that raw hardware speeds will
> catch up.
>
> - Use specialized hardware, designed not to leak side-channel
> information.
>
> - ?
- Find reasonably efficient masking strategies, that assume
that side-channel attacks are here to stay, and randomly choose
one of many isomorphic ways to perform the computation. The
masking would have to eliminate key/data correlation from all
"observables" other than the final output.
--
/"\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL Morgan Stanley confidentiality or privilege,
and use is prohibited.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list