[Cryptech Tech] goals / use cases

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Jan 28 15:11:59 UTC 2015


Fredrik Thulin <fredrik at thulin.net> writes:

>If we show the SoC made of stuff that we can't audit the AES/HMAC key, it
>might exfiltrate it through some kind of side channel - not necessarily in
>the output of the AES/HMAC operation which, as you say, is totally
>deterministic.

I know that's the theoretical answer, but how would you side-channel AES or
SHA-1?  For DSA and ECDSA, which are a whole smorgasbord of side-channel
opportunities, I can see this would be an issue (thus the comment about
leaving that for an FPGA), but any side-channel on AES is going to be
something like leaking the key via EMI, in which case an FPGA can do exactly
the same thing.

Peter.

