fyi: Adi Shamir's microprocessor bug attack

Christian Paquin paquin at
Wed Nov 21 15:23:53 EST 2007

' =JeffH ' wrote:
> From: John Young <cryptome at>
> [...]
> Research Announcement: Microprocessor Bugs Can Be Security Disasters
> [...]
> A similar attack can be applied to any security scheme based on
> discrete logs modulo a prime, and to any security scheme based on
> elliptic curves (in which we can also exploit division bugs)

Does somebody know if, in the case of a discrete log scheme, this would
result in an attack using one chosen message (like for RSA), or would
the attack be similar to the one described by Boneh, DeMillo and Lipton
for Schnorr's identification protocol and require O(n log n) executions?

  - Christian
