Jack Lloyd wrote:

> Some relevant and recent data: in some tests I ran this weekend (GMP 4.1.2,
> OpenSSL 0.9.8a, Athlon/gcc/Linux) RSA operations using GMP were somewhat faster
> than ones using OpenSSL even when blinding was used with both (typical
> performance boost was 15-20%).
>
> I assume "both of which are needed" should have been "at least one of which
> is needed"? AFAIK blinding alone can protect against all (publicly known)
> timing attacks; am I wrong about this?

Yes, you are - there's the cache attack, which requires the attacker to have an account on the same machine. I guess I shouldn't have called it constant time, since it's really constant memory access that defends against this.

http://www.daemonology.net/papers/htt.pdf

Incidentally, I think the main component of the difference on Athlon, like many other platforms, is simply a question of which library has hand-optimised assembler for the platform. That is, it tells us little about architectural differences and plenty about whether anyone has been bothered to optimise for that particular platform recently.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html
http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
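To illustrate Ben's distinction between blinding and constant memory access, here is an added example written for this page (not code from the thread, GMP or OpenSSL): a toy fixed-window exponentiation that records which precomputed-table slot each step reads, the pattern a cache-timing observer on a shared machine sees. Base blinding leaves that pattern a function of the private exponent, while reading every slot and selecting by mask makes it the same for any exponent of the same bit length. The toy RSA parameters and the trace bookkeeping are constructed here, and Python itself is not constant-time, so the example models only the memory-access pattern.

```python
import math
import secrets


def exponent_windows(exp, w):
    """Split exp into w-bit digits, most significant first."""
    nwin = (exp.bit_length() + w - 1) // w
    return [(exp >> (i * w)) & ((1 << w) - 1) for i in reversed(range(nwin))]


def window_modexp(base, exp, mod, w=2, constant_access=False):
    """Fixed-window modexp; returns (result, trace of table slots read).

    The trace stands in for what a cache-timing observer on the same
    machine sees: which precomputed-table slot each step touched.
    """
    table = [1]
    for _ in range(1, 1 << w):
        table.append(table[-1] * base % mod)
    result, trace = 1, []
    for digit in exponent_windows(exp, w):
        for _ in range(w):
            result = result * result % mod
        if constant_access:
            # Read every slot on every window and select by mask, so the
            # access pattern no longer depends on the exponent digit.
            sel = 0
            for j, t in enumerate(table):
                trace.append(j)
                sel |= t & -(j == digit)  # -(True) == -1 keeps t, -(False) == 0 drops it
        else:
            trace.append(digit)  # the slot index is the exponent digit itself
            sel = table[digit]
        result = result * sel % mod
    return result, trace


def blinded_rsa_decrypt(c, d, n, e, constant_access=False):
    """Base blinding: exponentiate c * r^e, then strip r. Exponent d is untouched."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            break
    blinded = c * pow(r, e, n) % n
    m, trace = window_modexp(blinded, d, n, constant_access=constant_access)
    return m * pow(r, -1, n) % n, trace


# Constructed toy key (p=61, q=53); C is the encryption of m=65.
N, E, D, C = 3233, 17, 2753, 2790
```

With the blinded but non-constant-access path, the trace is exactly the windows of D; with constant access it is the same full scan for every window regardless of the exponent value.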
