List:       oss-security
Subject:    Re: [oss-security] Data operand dependent timing on Intel and Arm CPUs
From:       Mark Hack <markhack () markhack ! com>
Date:       2023-01-30 19:58:34
Message-ID: 933f5586e2b664ab5fe6a7ce40c741bb92e2e412.camel () markhack ! com
The blinding I have seen was for RSA
https://www.openssl.org/docs/man1.1.1/man3/RSA_blinding_on.html and at
least for ECDSA signatures.

For symmetric keys such as AES which are mostly table lookup and XOR
based, I have not seen any blinding.
Regards

Mark Hack

On Mon, 2023-01-30 at 14:13 -0500, Demi Marie Obenour wrote:
> On Mon, Jan 30, 2023 at 10:43:16AM -0600, Mark Hack wrote:
> > This is a concern, but if you look into the crypto implementations,
> > data blinding is applied to mitigate both instruction and power
> > side channel attacks
> 
> Can you provide examples?  I have never seen blinding used for
> symmetric cryptography outside of embedded systems.