
I think he's talking about something like:

  c = encrypt(k, m)
  sleep(rand())
  return c
Which is not what blinding is. Blinding is not really about adding a random delay as much as it is about preventing an attacker from controlling inputs to variable-time functions.

Also, it's not clear how blinding could be applied to AES.



Yes, okay, however, my point was that we don't actually need constant-time operation if the timing is uniformly random. Clearly that doesn't mean we introduce a random sleep, but it means we carry out computations in a way that timings aren't data-dependent and an attacker can't separate signal from noise.


I guess I'm still unclear how that would work in the context of AES. Or really any symmetric construction, come to think of it.


It isn't used for symmetric encryption algorithms. They're more easily made verifiably constant time as described in the blog post.

It's a common way to protect something like RSA from timing side channels, however.



