On Saturday, 11 March 2023 04:10:58 CET, Girish Yerra wrote:
> Hi All,
> I am not sure if this is the right forum to discuss the aspects
> of the CVE. Feel free to close this and point me to the right
> forum.
> I am looking for some more specific details on the attack
> description. I am mainly looking for some of the details and
> clarifications.
> 1. For timing attacks the popular counter measure is to apply
> blinding which makes it timing resistant. Does this
> countermeasure fail in this case?
While blinding protects against a leaky mod-exp implementation, unblinding
still has to be done in a constant-time manner. That wasn't done.
See some of the discussions in
https://github.com/openssl/openssl/pull/20281
> 2. What is the order of the trials that an attacker requires to
> mount this attack?
> Please share any reference paper giving more details of this attack.
We're still working on a paper.
--
Regards,
Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
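As an added illustration of the point made in the reply above (example code, not from the thread and not OpenSSL's implementation): textbook RSA decryption with blinding in Python, using constructed toy primes, showing which step blinding randomises and which step (unblinding) handles secret-dependent values again.

```python
# Added example: RSA decryption with blinding/unblinding.
# Toy parameters, constructed for illustration; a real key uses 2048+ bit primes.
import math
import secrets


def keygen():
    # Constructed toy primes (the 9999th and 10000th primes).
    p, q = 104723, 104729
    n = p * q
    phi = (p - 1) * (q - 1)
    e = 65537
    d = pow(e, -1, phi)
    return n, e, d


def blinded_decrypt(c, n, e, d, r=None):
    """Return (plaintext, blinded_intermediate).

    Blinding: the private exponentiation only ever sees c * r^e mod n, which is
    uniformly random for a fresh r, so a leaky mod-exp learns nothing about c.
    Unblinding: multiplying by r^-1 mod n turns the random intermediate back
    into m. From that point on the values depend on the secret plaintext again,
    so this multiplication and its reduction mod n must themselves run in
    constant time; blinding does not cover them.
    """
    if r is None:
        while True:
            r = secrets.randbelow(n)
            if r > 1 and math.gcd(r, n) == 1:
                break
    r_inv = pow(r, -1, n)
    blinded_c = (c * pow(r, e, n)) % n        # random-looking input to mod-exp
    blinded_m = pow(blinded_c, d, n)          # equals m * r mod n
    m = (blinded_m * r_inv) % n               # unblinding: secret-dependent again
    return m, blinded_m


def demo():
    """Check that blinding does not change the result and does hide m."""
    n, e, d = keygen()
    m = 123456789
    c = pow(m, e, n)
    recovered, blinded = blinded_decrypt(c, n, e, d)
    return recovered == m and recovered == pow(c, d, n) and blinded != m
```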