[Cryptography] Maybe those million-bit-key cryptosystems have something to offer after all....

Tom Mitchell mitch at niftyegg.com
Sun Jul 29 01:38:50 EDT 2018

On Sat, Jul 28, 2018 at 4:05 AM, Jerry Leichter <leichter at lrw.com> wrote:

> A common theme of amateurish or over-hyped cryptosystems - at least a
> couple of years back; this seems to have faded - was the use of super-long
> keys for "higher security".  Realistically, all a longer key gives you is
> security against brute force attack, and 256 bits is already way beyond
> anything that can be attacked by any foreseeable technology.  And yet....
> Consider https://arstechnica.com/gadgets/2018/07/new-spectre-
> attack-enables-secrets-to-be-leaked-over-a-network/ (contains link to the
> technical paper) which describes a Spectre-like attack that can be carried
> out over a network, without downloading any code to the system under
> attack.  It's one of a class of slow side-channel attacks - very slow; 1-3
> bits per hour attacking a system in the Google Cloud over the Internet.
> (They got it up to a bit per minute over a local network.

There needs to be a revision or footnote to  "Covert Channel Analysis"
(light pink of the rainbow series).
The assumption is that data is data, but this makes a special case for much
lower bit rates from Spectre
like mitigation fixes where high value keys might reside.   Leveraged
asymmetric attacks...

https://fas.org/irp/nsa/rainbow/tg030.htm  <-- light pink
"This policy allows for the existence of storage channels that are not
auditable. Also, it allows for the possibility that covert storage and
timing channels with bandwidths over B = 1 bit/second will exist in secure
systems. However, the suggested values of b = 0.1 bits/second and B = 1
bit/ second are not justified based on any specific policy. The only basis
for deriving these values is the determination that:

   - "Covert channel handling may impose performance penalties, and that
   bandwidths of 1 bit/second are acceptable in most environments; and
   - "Although covert channels with bandwidth of over 1 bit/second may be
   allowed in a secure system, covert channels with bandwidths of over 100
   bits/second approximate the rate at which many (old) computer terminals are
   run (or users can type). Therefore, the existence of such channels in a
   secure computer system would seem inappropriate."

  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180728/0e5536d4/attachment.html>

More information about the cryptography mailing list