>> If the Verilog is constant-time and constant-power-consumption, then the >> major side channels are protected. > > I don't think anyone's ever managed to do a constant-time, constant-power, > constant-EMI, constant-* implementation of something like that have they? You > occasionally get conference papers demonstrating some new side-channel- > analysis-resistant implementation, but then the following year at the same > conference you get another paper un-demonstrating it.
Indeed. I was trying to say that constant-time is the best we can hope to achieve, and then put a tamper boundary around the whole thing to make it difficult to measure anything else. Russ
_______________________________________________ Tech mailing list Tech@cryptech.is https://lists.cryptech.is/listinfo/tech
