* Travis H.: > On 7/11/06, "Hal Finney" <[EMAIL PROTECTED]> wrote: >> : So what went wrong? Answer: NIST failed to recognize that table lookups >> : do not take constant time. รข"Table lookup: not vulnerable to timing >> : attacks," NIST stated in [19, Section 3.6.2]. NIST's statement was, >> : and is, incorrect. > > That's interesting, since it is in line with conventional reasoning > about algorithms. I've skimmed his paper, and I've taken a class on > computer architecture and I haven't the foggiest idea where the > variable timing comes from. Does anyone know if any of the following > account for the phenomenon? > > 1) cache fills as we ascend through memory > 2) additions (base+index) taking non-constant time (could be fixed > with pointers if we're going sequentially) > 3) virtual memory considerations (e.g. fetching new a page for a higher > address) > 4) TLB misses
Is this about Colin Percival's work? IIRC, it's mainly about shared associative caches which leak information about what addresses are being cached across trust boundaries. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]