NIST hash function design competition

Florian Weimer fw at deneb.enyo.de
Thu Jul 20 16:53:56 EDT 2006


* Travis H.:

> On 7/11/06, "Hal Finney" <hal at finney.org> wrote:
>> : So what went wrong? Answer: NIST failed to recognize that table lookups
>> : do not take constant time. "Table lookup: not vulnerable to timing
>> : attacks," NIST stated in [19, Section 3.6.2]. NIST's statement was,
>> : and is, incorrect.
>
> That's interesting, since it is in line with conventional reasoning
> about algorithms.  I've skimmed his paper, and I've taken a class on
> computer architecture and I haven't the foggiest idea where the
> variable timing comes from.  Does anyone know if any of the following
> account for the phenomenon?
>
> 1) cache fills as we ascend through memory
> 2) additions (base+index) taking non-constant time (could be fixed
> with pointers if we're going sequentially)
> 3) virtual memory considerations (e.g. fetching a new page for a higher address)
> 4) TLB misses

Is this about Colin Percival's work?  IIRC, it's mainly about shared
associative caches which leak information about what addresses are
being cached across trust boundaries.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
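
An added illustration, not part of the thread or of the paper it quotes: a small C model of why a table lookup indexed by a secret is not constant-time on a cached machine, next to a full-scan lookup that reads the same cache lines for every index. The 64-byte line size, the table contents and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TABLE_LEN  256
#define LINE_BYTES 64            /* assumed cache-line size */

static uint32_t table[TABLE_LEN];   /* constructed stand-in for a cipher table */
static uint32_t lines_touched;      /* bit n set = table line n was read */

void table_init(void) {
    for (uint32_t i = 0; i < TABLE_LEN; i++)
        table[i] = i * 2654435761u;  /* arbitrary constructed contents */
}

/* Read one entry and record which cache line of the table it lives in
   (model assumes the table starts on a line boundary). */
static uint32_t traced_read(size_t i) {
    lines_touched |= 1u << (i * sizeof table[0] / LINE_BYTES);
    return table[i];
}

/* Direct lookup: exactly one line is read, and which one depends on secret. */
uint32_t lookup_direct(uint8_t secret, uint32_t *trace) {
    lines_touched = 0;
    uint32_t v = traced_read(secret);
    *trace = lines_touched;
    return v;
}

/* Full scan with a branch-free select: all 16 lines are read for any secret. */
uint32_t lookup_scan(uint8_t secret, uint32_t *trace) {
    uint32_t v = 0;
    lines_touched = 0;
    for (size_t i = 0; i < TABLE_LEN; i++) {
        uint32_t diff = (uint32_t)i ^ secret;      /* 0 only when i == secret */
        uint32_t mask = 0u - ((diff - 1u) >> 31);  /* all ones iff diff == 0 */
        v |= traced_read(i) & mask;
    }
    *trace = lines_touched;
    return v;
}

int main(void) {
    uint32_t t;
    table_init();
    lookup_direct(0, &t);   printf("direct, index 0:   lines %#06x\n", (unsigned)t);
    lookup_direct(200, &t); printf("direct, index 200: lines %#06x\n", (unsigned)t);
    lookup_scan(200, &t);   printf("scan,   index 200: lines %#06x\n", (unsigned)t);
    return 0;
}
```

The trace bitmap is what an observer sharing the cache could in principle learn; the scan trades 256 reads per lookup for a trace that carries no information about the index.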


