The Call of the Open Sidewalk

From a place slightly to the side of the more popular path

pgpfan:rsabad

Differences

This shows you the differences between two versions of the page.

pgpfan:rsabad [2022/05/18 15:38] – Ambiguous b.walzer
pgpfan:rsabad [2023/11/07 16:25] – Not theoretical anymore. b.walzer
Line 35: Line 35:
 >// Instead, developers are encouraged to choose a large d such that Chinese remainder theorem techniques can be used to speed up decryption. However, this approach’s complexity increases the probability of subtle implementation errors, which [[https://www.cs.tau.ac.il/~tromer/courses/infosec11/Boneh%20DeMillo%20Lipton%201997%20---%20On%20the%20importance%20of%20eliminating%20errors%20in%20cryptographic%20protocols.pdf|can lead to key recovery]].// >// Instead, developers are encouraged to choose a large d such that Chinese remainder theorem techniques can be used to speed up decryption. However, this approach’s complexity increases the probability of subtle implementation errors, which [[https://www.cs.tau.ac.il/~tromer/courses/infosec11/Boneh%20DeMillo%20Lipton%201997%20---%20On%20the%20importance%20of%20eliminating%20errors%20in%20cryptographic%20protocols.pdf|can lead to key recovery]].//
  
-The linked article doesn't describe any sort of implementation error. Instead it describes a completely theoretical hardware attack.+The linked article doesn't describe any sort of implementation error. Instead it describes an attack based on hardware faults((This originally used the term "theoretical" to describe the attack. See the more recent [[https://eprint.iacr.org/2023/1711.pdf|Passive SSH Key Compromise via Lattices]], which shows that this sort of weakness exists at the rate of one per million SSH records.)).
  
 >//Public Exponent// >//Public Exponent//
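
Review bot: The footnote added on the changed line gives the rate "one per million SSH records" without saying what a record is or which event is being counted, so a reader cannot judge how the figure supports dropping "completely theoretical". State the unit and the counted event in the cited paper's own terms. The retained first sentence still argues that the linked article describes no implementation error, while the footnote points to a different paper; the footnote should say whether the faults that paper observed are hardware faults, because the paragraph's reply to the quoted "subtle implementation errors" claim depends on that distinction. As a style point, the note about the earlier wording ("This originally used the term ...") is revision history and would fit better in the edit summary than in the page text.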
pgpfan/rsabad.txt · Last modified: 2023/11/15 19:40 by b.walzer