[Cryptography] "We need crypto code training" and other obviosities.

Jerry Leichter leichter at lrw.com
Sat Oct 24 15:06:53 EDT 2015


> One BIG issue in crypto code is side channel attacks, and no matter
> how good a programmer you are, you aren't going to code for side
> channel attacks because it intentionally makes your program slower...
> 
> GCM for example will leak like a sieve if you use an 8bit lookup
> table, which is the best/fastest way to implement it on modern
> systems...

The view that side-channel attacks are a *crypto* problem is like the FIPS approach to certification:  Draw your boundaries, say "all the important stuff is inside this box I made up", show that the stuff inside is secure, and bam - you've got certification. The fact that stuff outside the box is sending all your cleartext to some unknown location on the Internet is just declared out of bounds.

The side-channel attacks we've seen concentrate on the crypto because that's code shared by many applications that deal in sensitive data, so attacking it gets you a great deal of bang for the buck.  It also gets you bragging and publication rights.

I don't recall seeing any publications on power-analysis or timing-analysis or other such attacks against the functional code of any application.  You know, the stuff that actually works on the "red" data directly.

If anyone is exploiting side-channel attacks in the real world - given all the simpler attacks available, it's not clear anyone needs to bother - I'll bet they're going against the soft underbelly - the vast bulk of code that does the actual work, with no one looking closely at it to see if it's vulnerable.

                                                        -- Jerry
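
The quoted claim about GCM's 8-bit lookup tables, illustrated as an added example (not part of the post or of any project it mentions): the same GF(2^128) multiply that GHASH uses, once as the fast byte-indexed table method whose memory accesses depend on the secret data, and once written without secret-dependent branches or indices. Python integers are not constant-time, so only the shape of the second version carries over to a real implementation; the check value is GCM spec test case 2 (K = 0, one zero plaintext block).

```python
"""GCM's GHASH multiply two ways: a fast byte-indexed lookup table whose
memory accesses depend on the secret data, and a branch-free multiply.
Python integers are not constant-time, so the second version only shows
the *shape* of the code (no secret-dependent branches or indices)."""

MASK128 = (1 << 128) - 1
# GCM reduction polynomial x^128 + x^7 + x^2 + x + 1 in the spec's
# bit-reflected representation (bit 0 of the block is the MSB of the int).
R = 0xE1 << 120

def gf128_mul_ct(x: int, y: int) -> int:
    """Branch-free GF(2^128) multiply following the GCM spec algorithm."""
    z, v = 0, x
    for i in range(128):
        bit = (y >> (127 - i)) & 1              # i-th bit of y, MSB first
        z ^= v & (-bit & MASK128)               # add v only when bit == 1, via mask
        lsb = v & 1
        v = (v >> 1) ^ (R & (-lsb & MASK128))   # shift right, reduce on carry-out
    return z

def build_tables(h: int) -> list[list[int]]:
    """16 tables of 256 entries: T[j][b] = (b placed in byte position j) * H.
    Precomputation depends only on H, not on the data being hashed."""
    return [[gf128_mul_ct(b << (8 * (15 - j)), h) for b in range(256)]
            for j in range(16)]

def gf128_mul_table(x: int, tables: list[list[int]]) -> int:
    """Fast multiply by H: 16 XORs, but each table *index* is a secret byte,
    so which cache line is touched depends on the data (the leak)."""
    z = 0
    for j in range(16):
        byte = (x >> (8 * (15 - j))) & 0xFF
        z ^= tables[j][byte]
    return z

def ghash(h: int, blocks: list[int], use_table: bool = False) -> int:
    tables = build_tables(h) if use_table else None
    y = 0
    for blk in blocks:
        y ^= blk
        y = gf128_mul_table(y, tables) if use_table else gf128_mul_ct(y, h)
    return y

# GCM spec test case 2: H = AES_K(0) for K = 0, one zero plaintext block.
H = 0x66e94bd4ef8a2c3b884cfa59ca342b2e
C = 0x0388dace60b6a392f328c2b971b2fe78
LEN = 0x80                      # len(A) = 0 || len(C) = 128 bits
EXPECTED = 0xf38cbb1ad69223dcc3457ae5b6b0f885

if __name__ == "__main__":
    print(hex(ghash(H, [C, LEN])), hex(ghash(H, [C, LEN], use_table=True)))
```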