oss-sec mailing list archives
Re: Data operand dependent timing on Intel and Arm CPUs
From: Mark Hack <markhack () markhack com>
Date: Mon, 30 Jan 2023 13:58:34 -0600
The blinding I have seen was for RSA https://www.openssl.org/docs/man1.1.1/man3/RSA_blinding_on.html and at least for ECDSA signatures. For symmetric keys such as AES, which are mostly table lookup and XOR based, I have not seen any blinding.

Regards
Mark Hack

On Mon, 2023-01-30 at 14:13 -0500, Demi Marie Obenour wrote:
> On Mon, Jan 30, 2023 at 10:43:16AM -0600, Mark Hack wrote:
> > This is a concern, but if you look into the crypto implementations, data blinding is applied to mitigate both instruction and power side channel attacks.
>
> Can you provide examples? I have never seen blinding used for symmetric cryptography outside of embedded systems.
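RSA blinding, the technique the RSA_blinding_on link above refers to, as an added example that is neither OpenSSL's code nor part of the thread. It assumes a constructed toy key (p=61, q=53) and a toy square-and-multiply that records the operands the private exponentiation actually touches, so the effect of blinding on the data seen by the CPU can be inspected:

```python
import math
import secrets

# Constructed toy RSA key (p=61, q=53): n=3233, e=17, d=2753. Illustration only.
N, E, D = 3233, 17, 2753


def square_and_multiply(base, exp, mod, trace=None):
    """Left-to-right binary exponentiation. If `trace` is given, every
    intermediate value is appended to it; these are the operands a CPU with
    data-operand-dependent timing or power draw would leak information about."""
    acc = 1
    for bit in bin(exp)[2:]:
        acc = (acc * acc) % mod
        if bit == "1":
            acc = (acc * base) % mod
        if trace is not None:
            trace.append(acc)
    return acc


def random_blinding_factor(n):
    """Pick a random r in [2, n-1] that is invertible mod n."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            return r


def rsa_private_blinded(c, d, e, n, r=None, trace=None):
    """Compute c^d mod n, but run the secret-exponent loop on c * r^e
    instead of c. Since (c * r^e)^d = c^d * r (mod n), multiplying the
    result by r^-1 removes the blinding. An observer who knows c cannot
    correlate it with the operands of the exponentiation because r is fresh
    and secret for each operation."""
    r = random_blinding_factor(n) if r is None else r
    blinded = (c * square_and_multiply(r, e, n)) % n
    s = square_and_multiply(blinded, d, n, trace)
    return (s * pow(r, -1, n)) % n


def operand_traces(c, r_values):
    """Run the blinded private operation on the same c with different r and
    return the operand sequence of each run, to show they differ."""
    traces = []
    for r in r_values:
        t = []
        rsa_private_blinded(c, D, E, N, r=r, trace=t)
        traces.append(t)
    return traces
```

With a fresh r per operation the operand sequence inside the private exponentiation changes even when c is fixed, which is what blinding buys against timing and power observation of that loop; it does not apply to the table lookups of an AES implementation, which is the distinction the thread draws.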