Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Timing attack against RSA private keys.
From: Francois Koeune <fkoeune () dice ucl ac be>
Date: Wed, 26 Mar 2003 16:53:13 +0100

I read your post describing Brumley-Boneh's timing attack with much

However, I feel a bit sceptical about the second countermeasure you
suggest, namely to use larger RSA keys. I am not familiar with details
of Brumley-Boneh's attack, but usually timing attacks' complexity does
not increase dramatically with key size. For example, the timing
attack against RSA without CRT needed 1000-2000 messages to break a
128-bit key, and 5000-10000 messages to break a 512-bit key [1]. If I
remember correctly, Schindler's attack against RSA with CRT (which is
the basis of Brumley-Boneh's attack) evolves similarly with key sizes.

I think it might be risky to conclude that the attack is not practical
against larger keys, simply because the authors present their attack
in a 1024-bit context.

[1] http://www.dice.ucl.ac.be/~fkoeune/thesis.ps.gz

 Francois Koeune

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]