[Cryptography] Vulnerability of RSA vs. DLP to single-bit faults
Tom Mitchell
mitch at niftyegg.com
Sun Nov 2 21:18:56 EST 2014
On Sat, Nov 1, 2014 at 6:08 PM, Dave Horsfall <dave at horsfall.org> wrote:
> On Sat, 1 Nov 2014, Tom Mitchell wrote:
>
> > FWIW: The alpha particle cause mostly does not apply. There was a
> > case at IBM where contamination of packages did cause Alpha particle bit
> > flips [...]
>
> I'm surprised. Everything I was taught about alpha particles (i.e. helium
> nuclei) was that just a sheet of paper will stop them. Or is this alpha
> decay from within, as you seem to imply?
>
Yes...
The IBM issue was contaminated ceramic packaging material and
was an eye opener. The IBM case is commonly used in a problem
solving case in a training program for the "is and is-not folk". I forget
the product name that uses it. And yes a thin layer of foil or paper
can be expected to stop alpha particles. Even a thin layer of gold leaf
at near three atoms thick can be enough.
The IBM issue dates for the '70s if I recall correctly feature size and
process
were large and it did that a very energetic interaction to flip the bit.
The modern issue is cosmic rays of astounding energy.
http://en.wikipedia.org/wiki/Soft_error
Cosmic rays creating energetic neutrons and protons that penetrate
modern packages and interact with the contents of the package.
Modern package material is quite free of this type of contamination.
As feature size shrinks this gets more and more interesting...
By looking at ECC error counts... (need hardware support) over time
it is easy to measure the altitude difference of two largeish clusters of
machines packed with DRAM.
A parity only machine can have its uptime increased by enhancements
to the parity exception handler. Bits on disk can be copied back to RAM
and the instruction restarted. Other long lived data structures can be
reinforced by vertical parity to compliment hardware parity.
There are many error correcting codes and I do recommend them for
data of any value. It is not sufficient to have a checksum to detect an
error.
A correcting code used on files like this is a solved problem. Anyone
filing such a patent should be scolded and laughed out of the room
unless it is strategic to make sure some troll does not rush to the office
first. As for trolls, pick up the phone and accuse them of stealing
secrets
from a TLA.
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141102/848f8473/attachment.html>
More information about the cryptography
mailing list