mailing list archives
Re: Timing attack against RSA private keys.
From: Francois Koeune <fkoeune () dice ucl ac be>
Date: Wed, 26 Mar 2003 16:53:13 +0100
I read your post describing Brumley-Boneh's timing attack with much
However, I feel a bit sceptical about the second countermeasure you
suggest, namely to use larger RSA keys. I am not familiar with details
of Brumley-Boneh's attack, but usually timing attacks' complexity does
not increase dramatically with key size. For example, the timing
attack against RSA without CRT needed 1000-2000 messages to break a
128-bit key, and 5000-10000 messages to break a 512-bit key . If I
remember correctly, Schindler's attack against RSA with CRT (which is
the basis of Brumley-Boneh's attack) evolves similarly with key sizes.
I think it might be risky to conclude that the attack is not practical
against larger keys, simply because the authors present their attack
in a 1024-bit context.
Full-Disclosure - We believe in it.