[Cryptography] Defeating timing attacks
Henry Baker
hbaker1 at pipeline.com
Sat Jul 15 09:11:12 EDT 2017
At 04:07 PM 7/14/2017, Benjamin Kreuter wrote:
>If we are allowed to assume special non-leaky instructions then we can
>do better. Give us an instruction that computes the AES function
>without leaking anything, and we can use it to generate a garbled
>circuit (which necessarily leaks nothing during its evaluation
>regardless of what sort of CPU is evaluating it). This assumes a CPU
>architecture where explicit load/store instructions are not required or
>where load/store instructions are also not leaky.
What kind of a slowdown are we talking about here?
1X, 10X, 100X, 1000X?