Some relevant and recent data: in some tests I ran this weekend (GMP 4.1.2, OpenSSL 0.9.8a, Athlon/gcc/Linux) RSA operations using GMP were somewhat faster than ones using OpenSSL even when blinding was used with both (typical performance boost was 15-20%).

I assume "both of which are needed" should have been "at least one of which is needed"? AFAIK blinding alone can protect against all (publicly known) timing attacks; am I wrong about this?

-Jack

On Sat, Dec 31, 2005 at 11:04:31AM +0000, Ben Laurie wrote:
> It appears that one reason GMP may sometimes be faster than OpenSSL for
> RSA is that it seems that GMP does not do blinding or constant time
> arithmetic, both of which are needed to defend against known attacks.
>
> So, if you are going to use GMP for speed, be aware that you may be
> risking your private keys.
>
> Cheers,
>
> Ben.
>
> --
> http://www.apache-ssl.org/ben.html http://www.thebunker.net/
>
> "There is no limit to what a man can do or how far he can go if he
> doesn't mind who gets the credit." - Robert Woodruff
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
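The blinding discussed in this thread, as an added example that is not part of the original messages and is not GMP or OpenSSL code: the private-key exponentiation runs on c * r^e mod n for a fresh random r, and r is divided out afterwards. The toy key built from two Mersenne primes and the function names are assumptions made for the illustration.

```python
import math
import secrets

# Constructed toy key (two Mersenne primes); far too small for real use.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def private_op_plain(c: int) -> int:
    """Unblinded private-key operation: the exponentiation sees c directly."""
    return pow(c, D, N)


def private_op_blinded(c: int, trace=None) -> int:
    """Blinded private-key operation (hypothetical helper).

    The value actually exponentiated is c * r^e mod n for a fresh random r,
    so the input to the secret-exponent computation is not chosen by the caller.
    """
    while True:
        r = secrets.randbelow(N - 2) + 2      # r in [2, N-1]
        if math.gcd(r, N) == 1:               # r must be invertible mod n
            break
    blinded = (c * pow(r, E, N)) % N          # c' = c * r^e mod n
    if trace is not None:
        trace.append(blinded)                 # record what the exponentiation saw
    m_blinded = pow(blinded, D, N)            # (c * r^e)^d = c^d * r mod n
    return (m_blinded * pow(r, -1, N)) % N    # multiply by r^-1 to recover c^d


def demo():
    """Decrypt one constructed ciphertext four times with blinding."""
    m = 0x1234567890ABCDEF                    # constructed sample message
    c = pow(m, E, N)
    seen = []
    results = [private_op_blinded(c, seen) for _ in range(4)]
    return m, c, results, seen


if __name__ == "__main__":
    m, c, results, seen = demo()
    print("all decryptions correct:", all(x == m for x in results))
    print("distinct exponentiation inputs:", len(set(seen)))
```

Python's built-in `pow` is not constant-time arithmetic, so this shows only the blinding half of the two defences named in the quoted message.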
