Re: [Cfrg] Trusting government certifications of cryptography

Michael Hamburg <mike@shiftleft.org> Tue, 07 October 2014 16:55 UTC

From: Michael Hamburg <mike@shiftleft.org>
In-Reply-To: <54341010.8050207@src-gmbh.de>
Date: Tue, 07 Oct 2014 09:55:33 -0700
Message-Id: <CB8D38CD-55A1-4F04-9AA1-59A6556E30E4@shiftleft.org>
References: <20141003111024.20324.qmail@cr.yp.to> <trinity-5e384bba-2edd-4ee2-a511-c8dc1caa173a-1412669702907@3capp-gmx-bs29> <CACsn0cm1jw6v0gFu0uwYmgqxVFes8y2AyW26eRGhCt8xmTyr6Q@mail.gmail.com> <54341010.8050207@src-gmbh.de>
To: Dirk Feldhusen <dirk.feldhusen@src-gmbh.de>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/rgYUPUSiDZ1itTNFxKwkR6HT7As
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, "D. J. Bernstein" <djb@cr.yp.to>
Subject: Re: [Cfrg] Trusting government certifications of cryptography
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

> On Oct 7, 2014, at 9:08 AM, Dirk Feldhusen <dirk.feldhusen@src-gmbh.de> wrote:

> To exclude the possibility of power or EM side channel you need the
> assumption that the attacker has no physical access to the device.
> As I understand Torsten the main problem here are special primes which
> are harder to secure against such side channel leakage.

Are they actually harder to secure (e.g., requiring new countermeasures), or just slower on hardware which doesn’t accelerate the special prime (e.g., by requiring longer blinding factors)?

— Mike
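The "longer blinding factors" point above can be made concrete. The following is an added illustration, not code from this thread or from either correspondent: classic scalar blinding, k' = k + r·n, fails to randomise a band of scalar bits when the group order n has a long run of zero bits below its top bit, and the remedy is simply a wider r. The thread names no specific prime, so the Curve25519 group order (l = 2^252 + c with a 125-bit c) is my choice of example; the leakage model is a deliberate simplification (a side channel that reveals individual bits of the scalar actually fed to the point multiplication), and the seeded RNG exists only to make the demo reproducible.

```python
import random

# Curve25519 group order, l = 2^252 + c with c a 125-bit number, so bits
# 125..251 of l are all zero.  Chosen here (my choice, not the thread's) as an
# example of a group order with "special" structure.
CURVE25519_ORDER = 2**252 + 27742317777372353535851937790883648493


def high_zero_run(n):
    """Length of the run of zero bits directly below the top bit of n.

    For n = 2^m + c this is m - bitlen(c): the band of scalar bit positions
    that a blinding term r*n cannot touch unless r has at least that many bits.
    """
    top = n.bit_length() - 1
    rest = n - (1 << top)
    return top - rest.bit_length()


def blind_scalar(k, n, r_bits, rng=None):
    """Classic scalar blinding k' = k + r*n with an r_bits-bit random r.

    Since n*P is the identity, k'*P == k*P, but the bit pattern fed to the
    scalar multiplication changes on every call.
    """
    rng = rng or random.SystemRandom()
    r = rng.getrandbits(r_bits)
    return k + r * n


def leaky_bit_positions(n, r_bits, trials=400, threshold=0.95, seed=1):
    """Bit positions i at which bit i of the blinded scalar equals bit i of the
    secret scalar in at least `threshold` of the trials.

    Model (an assumption of this illustration): an attacker who reads a bit of
    k' from a trace learns the same bit of k at those positions, i.e. the
    blinding does not protect them.
    """
    rng = random.Random(seed)       # seeded only so the demo is reproducible
    width = n.bit_length() - 1      # bits 0..width-1 hold a scalar below n
    agree = [0] * width
    for _ in range(trials):
        k = rng.randrange(1, n)
        kp = blind_scalar(k, n, r_bits, rng)
        for i in range(width):
            if (kp >> i) & 1 == (k >> i) & 1:
                agree[i] += 1
    return [i for i in range(width) if agree[i] / trials >= threshold]


if __name__ == "__main__":
    n = CURVE25519_ORDER
    print("zero run below top bit of the order:", high_zero_run(n))
    for r_bits in (32, 64, 128):
        leaky = leaky_bit_positions(n, r_bits)
        span = f"bits {leaky[0]}..{leaky[-1]}" if leaky else "none"
        print(f"{r_bits:3d}-bit blinding factor: {len(leaky):3d} exposed scalar bits ({span})")
```

Running it shows the band the blinding term cannot reach: with a 32- or 64-bit r a block of the top scalar bits survives blinding essentially unchanged (bits roughly from r_bits + 125 up to 251), while once r is at least as wide as the zero run (127 bits here; the demo uses 128) the product r·c spans the whole scalar and no position stays correlated. Nothing about the countermeasure itself changes; only its parameter does, which is the distinction Mike is asking about.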