[Cryptography] Stupid question on S-boxes
Ralf Senderek
crypto at senderek.ie
Sat Jan 26 07:47:35 EST 2019
On Fri, 25 Jan 2019, Jerry Leichter wrote:
> The issue here is side-channel attacks. If there are no channels between the
> crypto processing and code controlled by attackers, there is no attack
> against the crypto processing. The problem, of course, is that "channels" is
> extremely open-ended. But a co-processor with its own private memory
> does limit the possible attacks.
Of course using a co-processor does limit attacks, but the isolated
co-processor doing "safe crypto processing" has to be authorized to
do something valuable - like a signature - by the CPU on which the
attacker-controlled code is running also. So even if there is less
of a risk of leaking key material, we're miles away from "the ability
to safely do[ing] crypto on shared hardware", which was my point.
-ralf
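The situation Ralf describes, as an added illustration that is not part of the original post: a co-processor keeps its key in private memory and only ever exposes sign() and verify(), so side channels between host and key material are out of the picture, yet any code running on the host with the privileges of the legitimate caller can obtain a valid signature over a message of its own choosing. The CoProcessor class, the host and attacker functions, the messages and the use of HMAC-SHA256 as a stand-in for a real signature scheme are all assumptions made for this example.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple


class CoProcessor:
    """Hypothetical crypto co-processor with its own private key memory.

    The key is generated inside and never handed back to the host; the only
    operations the host can invoke are sign() and verify(). HMAC-SHA256 is
    used in place of a real signature scheme to keep the example stdlib-only
    (the argument does not depend on the scheme).
    """

    def __init__(self) -> None:
        self.__key = os.urandom(32)  # "private memory": no getter exists

    def sign(self, message: bytes) -> bytes:
        return hmac.new(self.__key, message, hashlib.sha256).digest()

    def verify(self, message: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.sign(message), tag)


def host_request_signature(coproc: CoProcessor, message: bytes) -> bytes:
    """The CPU-side code path that is authorized to request signatures.

    This is the authorization boundary Ralf points at: whatever runs with the
    privileges of this code can ask the co-processor to sign.
    """
    return coproc.sign(message)


def attacker_controlled_code(coproc: CoProcessor) -> Tuple[bytes, bytes]:
    """Code the attacker runs on the shared host.

    It never observes a single key byte, but it sits on the same side of the
    authorization boundary as the legitimate host code, so it simply asks for
    a signature over a message it chose.
    """
    forged_message = b"transfer 1000000 to mallory"  # constructed sample input
    return forged_message, host_request_signature(coproc, forged_message)


def demo() -> Dict[str, bool]:
    """Run both the legitimate and the attacker-driven request and report
    whether each resulting signature is accepted by the co-processor."""
    coproc = CoProcessor()
    legit_message = b"transfer 10 to alice"  # constructed sample input
    legit_tag = host_request_signature(coproc, legit_message)
    forged_message, forged_tag = attacker_controlled_code(coproc)
    return {
        # no attribute named "key" is reachable from the host side
        "key_exposed_to_host": hasattr(coproc, "key"),
        "legit_signature_verifies": coproc.verify(legit_message, legit_tag),
        "forged_signature_verifies": coproc.verify(forged_message, forged_tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The key stays inside the co-processor in every run, and the forged signature still verifies: isolation reduces the risk of key leakage, while the ability to obtain signatures remains exactly as available to the attacker's code as to the legitimate host code, which is the gap between "key material is protected" and "crypto on shared hardware is safe".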