On Sat, 2012-04-07 at 15:30 +0200, Niels Möller wrote:
Nikos Mavrogiannopoulos <nmav@gnutls.org> writes:
What about _ct for constant time? The _blinding is really specific on the method used to achieve constant time.
But it's not really constant time, is it? Rather, timing is random but independent of the inputs which are under control of the attacker. While without RSA blinding, timing depends on the secret key and on data provided by the attacker, which is a bad combination.
Maybe a better term to use is "reduced side channel" or something. Not easy to shorten though. The generic problem addressed here is side channels.
/Simon
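
The blinding step discussed in this thread, as an added example that is not part of the thread or of the library's code: the private exponentiation runs on c * r^e for a fresh random r, so its base is never the value the attacker supplied, and r is divided out afterwards. The toy key, the function names and the sample input are constructed for illustration.

```python
import secrets
from math import gcd

# Constructed toy key from two known Mersenne primes (illustration only;
# real RSA moduli are 2048 bits or more and use random primes).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def private_op_plain(c):
    """Unblinded: the secret exponentiation runs directly on attacker-chosen c.
    Returns (result, base fed to the private exponentiation)."""
    return pow(c, D, N), c


def private_op_blinded(c):
    """Blinded: exponentiate c * r^e for a fresh random r, then remove r.
    Returns (result, base fed to the private exponentiation)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:          # r must be invertible mod N
            break
    base = (c * pow(r, E, N)) % N   # attacker cannot predict this value
    s = pow(base, D, N)             # (c * r^e)^d = c^d * r  (mod N)
    return (s * pow(r, -1, N)) % N, base


def demo(c=0x1234567890ABCDEF):     # constructed attacker-chosen input
    plain, plain_base = private_op_plain(c)
    (b1, base1), (b2, base2) = private_op_blinded(c), private_op_blinded(c)
    return {
        "same_result": plain == b1 == b2,
        "plain_base_is_input": plain_base == c,
        "blinded_bases_differ": len({c, base1, base2}) == 3,
    }


if __name__ == "__main__":
    print(demo())
```

Python's `pow` makes no timing guarantees; the block shows only the algebra that decouples the exponentiation's input from the attacker's choice.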