Re: Random delay as a countermeasure to timing attacks

daw@xxxxxxxxxxxxxxxxxxxxxxxx (David Wagner) writes:

David Wagner wrote:
One possible hypothesis:
- the signal has a Gaussian distribution,
- the noise (the delay you add, plus any other random noise)
has a Gaussian distribution, and
- all of these contributions are independent.
Then it's easy to see that the S/N ratio goes up linearly
with the standard deviation of the noise, and goes down
proportional to the square root of the number of measurements,
leading to your desired result.

Oops, I think I meant that the signal is 0 or 1
(has a Bernoulli distribution). That's the simplest case,

I think he meant what he said. You are proposing a different model Your
model might well be closer to the actual state of things, but it is not the
model he had (although I have a hard time believing that the signal-- the
length of time of the calculation-- is "0 or 1" ( presumably the delay
over the best case )

because then you are just distinguishing between two
distributions: X and 1+X, where X ~ N(\mu,\sigma^2) for
some values of \mu,\sigma. You should be able to compute
the variation distance between these two distributions (as
a function of \sigma) using calculus, and I believe you'll
find that you need \sigma ~ 1 to have some non-negligible
chance of distinguishing. (If \sigma << 1, you're out of luck.)

Are you using the terms in a non-standard way? sigma<<1 means very small
variance in the noise. That makes it easy to distinguish.
But what you say makes it clear that what is needed is a decent model of
the "signal". Neitehr a gaussian nor your step function strike me as good
models for the timing distribution of a cypher.


.

Relevant Pages

  • Re: Random delay as a countermeasure to timing attacks
    ... - the signal has a Gaussian distribution, ... the noise ... random queries, or queries chosen according to the cipher, or ...
    (sci.crypt)
  • Re: Frequency retrieval from noise
    ... distribution, one performs fourier transform to identify the ... noise, which means that the the spectrum of the noise is flat. ... I'm asking what are the peaks in the power spectrum of pure ... AWGN is gaussian in amplitude distribution, ...
    (sci.physics)
  • Re: Random numbers with Rice distribution
    ... The rice distribution is related to the normal distribution. ... Indeed a magnitude signal affected by gauss noise in both channels ...
    (comp.soft-sys.matlab)
  • Re: Frequency retrieval from noise
    ... distribution, one performs fourier transform to identify the ... frequencies contained in xby examining the power distribution. ... what if the data is pure gaussian noise? ... gaussian noise, or noise pulled from any distribution for that matter. ...
    (sci.physics)
  • Re: Random numbers with Rice distribution
    ... The rice distribution is related to the normal distribution. ... Indeed a magnitude signal affected by gauss noise in both channels ... Reread my post and you will see that you can generate your variates ...
    (comp.soft-sys.matlab)