fyi: Adi Shamir's microprocessor bug attack

James A. Donald jamesd at
Thu Nov 22 18:39:56 EST 2007

James Muir wrote:
 > Can anyone think of a deployed implementation of RSA
 > signatures that would be vulnerable to the attack
 > Shamir mentions?  Hashing and message blinding would
 > seem to thwart it.

As I said, public key encryption has long been known to
be weak against chosen plaintext and chosen cryptotext -
so protocols have long been designed to prevent this
sort of attack.  If they are not so designed, they were
known to be weak before this attack was discovered.
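The hash-then-blind RSA signing that Muir refers to, as an added illustration that is not code from either poster; the primes are toy values constructed for the example, and the point shown is that with blinding the private exponentiation never operates directly on a caller-chosen value:

```python
import hashlib
import math
import secrets

# Toy RSA parameters, constructed for illustration only (far too small for real use).
P, Q = 1000003, 1000033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # private exponent


def digest_int(message: bytes) -> int:
    # Hash first, so the signer exponentiates a digest rather than raw caller-chosen bits.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign_plain(message: bytes) -> int:
    # Unblinded: the value raised to D is fully determined by the message.
    return pow(digest_int(message), D, N)


def sign_blinded(message: bytes) -> tuple[int, int]:
    # Blinded: multiply the digest by r^e for a fresh random r, so the value
    # actually raised to D is unpredictable to whoever supplied the message.
    m = digest_int(message)
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    blinded = (m * pow(r, E, N)) % N
    s_blinded = pow(blinded, D, N)
    # (m * r^e)^d = m^d * r, so multiplying by r^-1 recovers the ordinary signature.
    s = (s_blinded * pow(r, -1, N)) % N
    return s, blinded


def verify(message: bytes, s: int) -> bool:
    return pow(s, E, N) == digest_int(message)
```

Both paths yield the same signature, but only the blinded one hides the exponentiation input from the party that chose the message.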

The Cryptography Mailing List