Hiya, I chatted briefly with Kenny at the IETF meeting about the discussion we had in Stockholm about maybe being able to do better with blinding as per the below. I'd say it'd be worth having a chat with him about this. (I guess with Paul, me and Kenny initially, but yell if you think it'd be better to do it on this list and/or add someone else in.)
I'm happy to summarise back to this list if there's any likely change,

Cheers,
S.

-------- Forwarded Message --------
Subject: Re: cryptech question
Date: Thu, 22 Mar 2018 09:24:21 +0000
From: Paterson, Kenny <kenny.pater...@rhul.ac.uk>
To: Stephen Farrell <stephen.farr...@cs.tcd.ie>

I looked into this briefly yesterday. The short answer is that there is no short answer and I'd need to dig a lot deeper and/or consult some experts on side channel attacks to be able to give a well-informed answer. I do know who to ask. Let me know if that would be useful.

Sent from my iPhone

> On 21 Mar 2018, at 15:36, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
>
> Hiya,
>
> I can get more context but here's the list discussion. [1] If cc'ing
> Pavel/Rob makes that easier and you're happy to chat with 'em direct,
> just say.
>
> Question is: are there circumstances where it might be safe to turn
> off blinding.
>
> The context is only RSA signing inside the hsm where we're fairly
> confident that the implementation is constant time and the reason
> to ask is for performance improvement. (Signing is slow now.)
>
> Cheers,
> S.
>
> [1] https://lists.cryptech.is/archives/tech/2017-July/002822.html
> <0x7B172BEA.asc>
0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
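For readers following the blinding question in the quoted thread, here is an added illustration (not cryptech code, and not from anyone in the thread) of what RSA base blinding actually costs and how that cost is normally amortized. The toy key, primes and message are constructed for the example and are far too small to be secure. The unblinded path exponentiates the attacker-visible message directly with the private exponent; the blinded path exponentiates r^e * m and unblinds with r^-1; the `BlindingState` class shows the squaring trick (the approach OpenSSL's `BN_BLINDING` uses) that replaces a per-signature modular inverse with two modular multiplications, which is the usual answer to "blinding is slow" without removing the countermeasure.

```python
# Added example: RSA base blinding, naive and amortized.
# Toy key and inputs are constructed here for illustration only (NOT secure).
import secrets
from math import gcd

P, Q = 1000003, 1000033          # constructed tiny primes
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)


def modinv(a, n):
    """Modular inverse via extended Euclid (no Python 3.8 pow(a, -1, n) needed)."""
    old_r, r = a % n, n
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("not invertible")
    return old_s % n


D = modinv(E, PHI)                # private exponent for the toy key


def random_unit(n):
    """Random r in [2, n-1] with gcd(r, n) == 1 (a unit mod n)."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            return r


def sign_unblinded(m, d=D, n=N):
    """Plain m^d mod n: the exponentiation operates directly on the
    attacker-chosen message, which is what side-channel analysis leverages."""
    return pow(m, d, n)


def sign_blinded(m, d=D, e=E, n=N):
    """Naive blinding: fresh r per signature, so the exponentiation sees
    r^e * m (uniformly random to an observer), then unblind with r^-1.
    Cost: one extra modular inverse plus two modular multiplications."""
    r = random_unit(n)
    r_inv = modinv(r, n)
    blinded = (pow(r, e, n) * m) % n
    s = pow(blinded, d, n)        # = r^(ed) * m^d = r * m^d (mod n)
    return (s * r_inv) % n        # = m^d (mod n)


class BlindingState:
    """Amortized blinding: keep (A = r^e, Ai = r^-1) and square both after
    each use. Since (r^2)^e = A^2 and (r^2)^-1 = Ai^2, the per-signature
    overhead drops to two squarings and two multiplications; the expensive
    inverse is paid once at setup (or on periodic re-seeding)."""

    def __init__(self, e=E, n=N):
        self.n = n
        r = random_unit(n)
        self.A = pow(r, e, n)     # r^e mod n
        self.Ai = modinv(r, n)    # r^-1 mod n

    def sign(self, m, d=D):
        n = self.n
        s = (pow((self.A * m) % n, d, n) * self.Ai) % n
        # advance the blinding factor: r <- r^2
        self.A = (self.A * self.A) % n
        self.Ai = (self.Ai * self.Ai) % n
        return s


def verify(m, s, e=E, n=N):
    """Standard RSA check: s^e == m (mod n)."""
    return pow(s, e, n) == m % n


if __name__ == "__main__":
    msg = 123456                   # constructed sample message representative
    ref = sign_unblinded(msg)
    print("unblinded == blinded:", sign_blinded(msg) == ref)
    st = BlindingState()
    print("amortized x3 all match:", all(st.sign(msg) == ref for _ in range(3)))
    print("verifies:", verify(msg, ref))
```

The two blinded variants are mathematically identical to the unblinded signature (the tests below assert that), so blinding is purely a cost/side-channel trade-off; the amortized form is what makes that trade-off cheap enough that most implementations keep it on even when the exponentiation itself is believed constant time.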
_______________________________________________ Tech mailing list Tech@cryptech.is https://lists.cryptech.is/listinfo/tech