Victor Duchovni wrote:
On Thu, Jun 23, 2005 at 07:36:38AM -0400, Jerrold Leichter wrote:
- Develop algorithms that offer reasonable performance even if implemented in "unoptimized" ways. This will be difficult to maintain in the face of ever-increasing hardware optimizations that you can't just turn off by "not using -O".
- Live with less performance and hope that raw hardware speeds will catch up.
- Use specialized hardware, designed not to leak side-channel information.
- ?
- Find reasonably efficient masking strategies, that assume that side-channel attacks are here to stay, and randomly choose one of many isomorphic ways to perform the computation. The masking would have to eliminate key/data correlation from all "observables" other than the final output.

If it does that, why do you want to choose one of many? Surely a single one will do?

--
>>>ApacheCon Europe<<< http://www.apachecon.com/
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
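
Added example, not part of the original thread: RSA base blinding as one concrete instance of the "randomly choose one of many isomorphic ways" masking described in the quoted message. The choice of RSA, the toy key and all function names are assumptions made for illustration.

```python
import secrets
from math import gcd

# Constructed toy RSA key built from two Mersenne primes (illustration only,
# far too small and too structured for real use).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def fresh_mask():
    """Pick a random mask r that is invertible modulo N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return r


def sign_blinded(m, r=None):
    """Sign m through a masked computation.

    Returns (signature, masked_input), where masked_input is the value the
    private-key exponentiation actually operates on, i.e. the quantity a
    side-channel observer's measurements would correlate with.
    """
    if r is None:
        r = fresh_mask()
    masked = (m * pow(r, E, N)) % N        # m * r^e: one of many equivalent inputs
    s_masked = pow(masked, D, N)           # (m * r^e)^d = m^d * r  (mod N)
    sig = (s_masked * pow(r, -1, N)) % N   # strip the mask from the result
    return sig, masked


def observed_inputs(m, runs, fixed_r=None):
    """Distinct exponentiation inputs seen over repeated signings of m."""
    return {sign_blinded(m, fixed_r)[1] for _ in range(runs)}


if __name__ == "__main__":
    m = 0x1234567890ABCDEF % N             # constructed sample message
    sig, _ = sign_blinded(m)
    print("matches unmasked result:", sig == pow(m, D, N))
    print("distinct inputs, fresh mask:", len(observed_inputs(m, 8)))
    print("distinct inputs, fixed mask:", len(observed_inputs(m, 8, fixed_r=12345)))
```

With a fresh mask per run the final output is unchanged while the value processed under the private exponent differs every time; with one fixed mask the same message always yields the same intermediate value.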
