RE: [PATCH v6 0/3] crypto: caam - add support for RSA algorithm

Hi Stephan,

> > > as I am looking into the RSA countermeasures, I am wondering how much of
> > > countermeasures are actually applied inside hardware implementations.
> >
> > Please point me to the reference RSA countermeasures so that we have
> > a common point of start.
>
> As the entire MPI logic is derived from libgcrypt, I am planning to use the
> libgcrypt implementation as a basis to implement the blinding defined by the
> Handbook of Applied Cryptography 11.118/11.119.

When using private key operation commands, our hardware provides
'timing equalization' to hide key information from timing attacks such that
the modular exponentiation will take the same amount of time for a given
byte length of N combined with a given byte length of the exponent.

The other part of timing equalization causes each bit of exponent to take
the same amount of time to process. In normal exponentiation, a one bit takes
two multiplies, while a zero bit takes just one. In timing equalization,
a zero bit causes an extra, but 'fake' multiply.

Thanks,
ta
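As an added illustration (not code from this mail, the caam driver or libgcrypt), a plain left-to-right square-and-multiply beside the equalized variant the reply describes, each instrumented to count modular multiplications per exponent bit; the equalized loop also walks the exponent's full byte length, as the mail says, so leading zero bits cost the same as the rest. The parameters (base 4, exponent 13, modulus 497) are constructed toy values, not RSA sizes.

```python
def modexp_square_and_multiply(base, exp, mod):
    """Plain left-to-right binary exponentiation.
    Returns (result, ops_per_bit), where ops_per_bit records how many
    modular multiplications each exponent bit cost (square only = 1,
    square then multiply = 2)."""
    result = 1
    ops = []
    for i in range(exp.bit_length() - 1, -1, -1):
        result = (result * result) % mod          # square on every bit
        if (exp >> i) & 1:
            result = (result * base) % mod        # multiply only on a one bit
            ops.append(2)
        else:
            ops.append(1)                         # zero bit is cheaper: leaks
    return result, ops


def modexp_equalized(base, exp, mod):
    """Same exponentiation with the 'timing equalization' described above:
    every bit costs a square plus a multiply (the multiply on a zero bit is
    fake and discarded), and the loop covers the exponent's byte length so
    leading zero bits are processed as well."""
    nbits = 8 * ((exp.bit_length() + 7) // 8)     # exponent byte length in bits
    result = 1
    ops = []
    for i in range(nbits - 1, -1, -1):
        result = (result * result) % mod
        candidate = (result * base) % mod         # computed on every bit
        b = (exp >> i) & 1
        # Branch-free select: keep the product on a one bit, throw it away
        # on a zero bit. Illustrative only: Python big ints are not
        # constant time themselves.
        result = b * candidate + (1 - b) * result
        ops.append(2)
    return result, ops


def leaks_exponent(ops):
    """True if the per-bit cost varies, i.e. an observer timing each bit
    could read exponent bits off the operation profile."""
    return len(set(ops)) > 1
```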