Re: Random delay as a countermeasure to timing attacks
 From: Unruh <unruhspam@xxxxxxxxxxxxxx>
 Date: 7 Nov 2006 17:16:05 GMT
daw@xxxxxxxxxxxxxxxxxxxxxxxx (David Wagner) writes:

> David Wagner wrote:
>> One possible hypothesis:
>>   the signal has a Gaussian distribution,
>>   the noise (the delay you add, plus any other random noise)
>>   has a Gaussian distribution, and
>>   all of these contributions are independent.
>> Then it's easy to see that the S/N ratio goes up linearly
>> with the standard deviation of the noise, and goes down
>> proportional to the square root of the number of measurements,
>> leading to your desired result.
>
> Oops, I think I meant that the signal is 0 or 1
> (has a Bernoulli distribution). That's the simplest case,

I think he meant what he said. You are proposing a different model. Your
model might well be closer to the actual state of things, but it is not the
model he had (although I have a hard time believing that the signal, the
length of time of the calculation, is "0 or 1" (presumably the delay
over the best case)).

> because then you are just distinguishing between two
> distributions: X and 1+X, where X ~ N(\mu,\sigma^2) for
> some values of \mu,\sigma. You should be able to compute
> the variation distance between these two distributions (as
> a function of \sigma) using calculus, and I believe you'll
> find that you need \sigma ~ 1 to have some nonnegligible
> chance of distinguishing. (If \sigma << 1, you're out of luck.)

Are you using the terms in a nonstandard way? sigma<<1 means very small
variance in the noise. That makes it easy to distinguish.

But what you say makes it clear that what is needed is a decent model of
the "signal". Neither a Gaussian nor your step function strike me as good
models for the timing distribution of a cypher.
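
The variation distance between X and 1+X that the thread discusses, carried through numerically as an added example (not part of either poster's message). It assumes the 0-or-1 signal model with a unit shift, equal priors and a known \sigma; the function names are hypothetical.

```python
import math
import random
from statistics import NormalDist


def tv_distance(sigma, shift=1.0):
    """Total variation distance between N(mu, sigma^2) and N(mu+shift, sigma^2).

    The densities cross at mu + shift/2, which gives the closed form
    2*Phi(shift/(2*sigma)) - 1 = erf(shift / (2*sqrt(2)*sigma)).
    """
    return math.erf(shift / (2.0 * math.sqrt(2.0) * sigma))


def guess_success(sigma, n=1, shift=1.0):
    """Best probability of telling the two cases apart from n samples.

    The sample mean is a sufficient statistic here and has standard
    deviation sigma/sqrt(n), so n samples act like one sample with less noise.
    """
    return 0.5 * (1.0 + tv_distance(sigma / math.sqrt(n), shift))


def samples_needed(sigma, target=0.99, shift=1.0):
    """Smallest n with guess_success >= target; grows as sigma squared."""
    z = NormalDist().inv_cdf(target)
    return math.ceil((2.0 * sigma * z / shift) ** 2)


def simulate(sigma, n, trials=2000, seed=1):
    """Monte Carlo check: threshold the mean of n noisy timings at 1/2."""
    rng = random.Random(seed)
    correct = 0
    for _ in range(trials):
        bit = rng.randrange(2)  # constructed signal: 0 or 1
        mean = sum(rng.gauss(bit, sigma) for _ in range(n)) / n
        correct += (mean > 0.5) == bit
    return correct / trials


if __name__ == "__main__":
    for s in (0.1, 1.0, 10.0):
        print(f"sigma={s:5}: TV={tv_distance(s):.4f}  "
              f"n for 99%={samples_needed(s)}")
```

With these assumptions the distance is close to 1 for \sigma = 0.1, about 0.38 for \sigma = 1 and about 0.04 for \sigma = 10, and the number of measurements needed for a fixed success rate grows with \sigma squared.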
