Hello,

there is a recent paper by Genkin, Shamir, Tromer out which deals with acoustic side channels in crypto operations. The paper is geared towards the GnuPG implementation (of RSA), but I guess it could be adopted for other RSA implementations.

http://www.cs.tau.ac.il/~tromer/acoustic/

One recommended (and in case of GnuPG 2 used) countermeasure is RSA ciphertext blinding. I wonder if it would be a good idea to either use blinding in the normal RSA Cipher or to offer an additional blinded provider.

Or do you think with Java the typical side channel countermeasures (avoid timing and energy consumption predictions by not using conditional branching, by adding decoy operations or similar) are not possible?

The Diploma work of Feng Lue at TU-Darmstadt has a nice overview:

https://www.cdc.informatik.tu-darmstadt.de/reports/reports/KP/Feng_Lue.diplom.pdf (Chapter 5)

It suggests that the ciphertext randomization from Tsuyoshi Takagi be used.

BC has an RSA blinding implementation, but it is mostly concerned with using it for blind signatures. When blinding is only used to add randomness it would not require parameters to be configured.

Greetings
Bernd
--
http://www.zusammenkunft.net
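The ciphertext blinding discussed in the message above, as an added example that is not part of the original post and is not the JDK's, GnuPG's or Bouncy Castle's code. It shows generic multiplicative blinding on textbook RSA (no padding), not Takagi's specific randomization; the class name, method names and demo key are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

// Hypothetical demo class: textbook RSA with and without ciphertext blinding.
public class BlindedRsaDemo {
    private static final SecureRandom RNG = new SecureRandom();

    // Unblinded private-key operation: the value being exponentiated is the
    // ciphertext c itself, which the sender of c knows and can choose.
    static BigInteger decryptPlain(BigInteger c, BigInteger d, BigInteger n) {
        return c.modPow(d, n);
    }

    // Blinded private-key operation: the value being exponentiated is
    // c * r^e mod n for a fresh secret r, so the sender of c cannot predict it.
    static BigInteger decryptBlinded(BigInteger c, BigInteger e, BigInteger d, BigInteger n) {
        BigInteger r;
        do {
            r = new BigInteger(n.bitLength(), RNG).mod(n);
        } while (r.signum() == 0 || !r.gcd(n).equals(BigInteger.ONE)); // r must be invertible mod n
        BigInteger blinded = c.multiply(r.modPow(e, n)).mod(n); // c' = c * r^e
        BigInteger mTimesR = blinded.modPow(d, n);              // (c')^d = m * r
        return mTimesR.multiply(r.modInverse(n)).mod(n);        // strip r: m * r * r^-1 = m
    }

    public static void main(String[] args) {
        // Constructed demo key, generated fresh on every run.
        BigInteger e = BigInteger.valueOf(65537);
        BigInteger p, q, phi;
        do {
            p = BigInteger.probablePrime(1024, RNG);
            q = BigInteger.probablePrime(1024, RNG);
            phi = p.subtract(BigInteger.ONE).multiply(q.subtract(BigInteger.ONE));
        } while (p.equals(q) || !phi.gcd(e).equals(BigInteger.ONE));
        BigInteger n = p.multiply(q);
        BigInteger d = e.modInverse(phi);

        // Constructed sample message, encrypted with the public key.
        BigInteger m = new BigInteger(1, "constructed sample message".getBytes(StandardCharsets.UTF_8));
        BigInteger c = m.modPow(e, n);

        BigInteger m1 = decryptPlain(c, d, n);
        BigInteger m2 = decryptBlinded(c, e, d, n);
        if (!m1.equals(m) || !m2.equals(m)) throw new AssertionError("decryption mismatch");
        System.out.println("plain and blinded decryption agree: " + m1.equals(m2));
    }
}
```

The blinding factor is drawn internally from a `SecureRandom`, so the caller configures nothing extra. Blinding only randomizes the input to the exponentiation; `BigInteger.modPow` itself is not documented as constant-time.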