Optimisation Considered Harmful

Victor Duchovni Victor.Duchovni at MorganStanley.com
Fri Jun 24 01:25:37 EDT 2005


On Thu, Jun 23, 2005 at 07:36:38AM -0400, Jerrold Leichter wrote:

> 	- Develop algorithms that offer reasonable performance even if
> 		implemented in "unoptimized" ways.  This will be difficult
> 		to maintain in the face of ever-increasing hardware optimizations
> 		that you can't just turn off by "not using -O".
> 
> 	- Live with less performance and hope that raw hardware speeds will
> 		catch up.
> 
> 	- Use specialized hardware, designed not to leak side-channel
> 		information.
> 
> 	- ?

	- Find reasonably efficient masking strategies that assume
	that side-channel attacks are here to stay, and randomly choose
	one of many isomorphic ways to perform the computation. The
	masking would have to eliminate key/data correlation from all
	"observables" other than the final output.


-- 

 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.
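
The masking strategy sketched in the reply above, as an added example that is not part of the original message or of any code by its author: a first-order Boolean-masked 4-bit S-box lookup, where two fresh random masks pick one of 256 isomorphic ways to compute the same output, together with a simulated Hamming-weight side channel and a correlation attack (CPA) run against both the unmasked and the masked version. The S-box (PRESENT's 4-bit table), the Hamming-weight leakage model, the key value and the trace counts are assumptions chosen for illustration.

```python
import random

# Assumption: a toy 4-bit S-box (PRESENT's) stands in for any nonlinear table lookup.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hw(v):
    """Hamming weight: the assumed stand-in for a power/EM observable."""
    return bin(v).count("1")


def unmasked_sbox(x, k, rng):
    """Unprotected lookup. Returns (output, observables). Every observable
    is a deterministic function of the secret k and the input x, so it
    correlates with k. rng is unused here; it keeps the interface uniform."""
    u = x ^ k
    y = SBOX[u]
    return y, [hw(u), hw(y)]


def masked_sbox(x, k, rng):
    """First-order Boolean masking. Two fresh masks select one of 16*16
    isomorphic computations of the same lookup; every intermediate the
    device handles is uniformly random and independent of x and k."""
    m_in = rng.randrange(16)
    m_out = rng.randrange(16)
    # Re-masked table: table[u ^ m_in] == SBOX[u] ^ m_out for every u.
    # (A real trace would also include this recomputation; each entry is
    # itself masked by m_out.)
    table = [SBOX[v ^ m_in] ^ m_out for v in range(16)]
    x_masked = x ^ m_in          # one share of x; m_in is the other share
    u_masked = x_masked ^ k      # == (x ^ k) ^ m_in
    y_masked = table[u_masked]   # == SBOX[x ^ k] ^ m_out
    y = y_masked ^ m_out         # only the final output is unmasked
    return y, [hw(m_in), hw(x_masked), hw(u_masked), hw(y_masked), hw(m_out)]


def masking_preserves_output(seed=0):
    """Masking must change nothing about the final output."""
    rng = random.Random(seed)
    return all(masked_sbox(x, k, rng)[0] == SBOX[x ^ k]
               for x in range(16) for k in range(16))


def pearson(a, b):
    """Pearson correlation of two equal-length sequences."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((p - ma) * (q - mb) for p, q in zip(a, b))
    va = sum((p - ma) ** 2 for p in a)
    vb = sum((q - mb) ** 2 for q in b)
    return 0.0 if va == 0 or vb == 0 else cov / (va * vb) ** 0.5


def cpa(impl, key, n_traces, seed=1):
    """First-order correlation power analysis against impl.
    Returns (best key guess, {guess: max |correlation| over trace points})."""
    rng = random.Random(seed)
    inputs = [rng.randrange(16) for _ in range(n_traces)]
    traces = [impl(x, key, rng)[1] for x in inputs]
    columns = list(zip(*traces))  # one column of samples per observable
    scores = {}
    for guess in range(16):
        model = [hw(SBOX[x ^ guess]) for x in inputs]
        scores[guess] = max(abs(pearson(model, col)) for col in columns)
    return max(scores, key=scores.get), scores


if __name__ == "__main__":
    key = 0xB  # assumed secret, for the demonstration only
    for name, impl in (("unmasked", unmasked_sbox), ("masked", masked_sbox)):
        guess, scores = cpa(impl, key, 2000)
        print(f"{name:8s} best guess {guess:#x}, correct-key correlation "
              f"{scores[key]:.3f}, key {'recovered' if guess == key else 'not recovered'}")
```

Against the unmasked lookup the correct key correlates perfectly with the output weight; against the masked one every single observable is the weight of a uniformly random value, so first-order correlations sit at the noise floor. The caveat is the one the reply's wording "all observables" already implies: a second-order attack that combines two samples from the same trace (for instance the weights of x_masked and m_in) recovers a key-dependent statistic, so the masking order, not just the presence of masking, bounds what an attacker can do.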
