Re: [Cfrg] Security proofs v DH backdoors

[Michael Scott <mike.scott@miracl.com>]

Its dead simple really (so surely must be a miscommunication). For example
you said that "any fault of any kind inevitably ends up leaking the
private key".
This is a technical group, so I expected that this was not some rhetorical
flourish, but you meant exactly what you said. In hindsight (and here is
the miscommunication) it probably was meant as a rhetorical flourish.

A beginner reading that comment might assume that all they have to do is
induce any fault at all anywhere in an ECC binary, and out will pop the
private key. So no reverse engineering required to determine where to
induce the fault, just whack it anywhere.

In my experience the vast majority of "any faults" just cause the program
to rather boringly crash, not revealing nothing to nobody.


Mike


On Sun, Oct 30, 2016 at 10:56 AM, Peter Gutmann <pgut001@cs.auckland.ac.nz>
wrote:

> Michael Scott <mike.scott@miracl.com> writes:
>
> >As an influential opinion leader I think you really need to expand on that
> >last paragraph. In the first sentence you need to define "harsh
> environment".
> >The second sentence ("any fault of any kind") is manifestly untrue. And in
> >the third sentence what industries exactly?
>
> So I've been sitting here trying to figure out how to respond to this (and
> one
> or two other messages).  I think there must be some sort of
> miscommunication
> happening because I can't otherwise explain why you're asking what you are.
> The options seem to be:
>
> 1. You're unaware of how vulnerable to faults ECC is.
> 2. You're unaware that computers experience faults.
> 3. We're talking at cross purposes/miscommunicating in some way.
>
> Before I type up a long essay on #1 or #2 (which I'm not terribly keen on
> doing) I want to make sure that you're really asking what you appear to be
> asking, and one or both of us hasn't misinterpreted the others' position.
>
> Peter.
>
>