[Cryptech Tech] RSA blinding (was: Re: Fun RSA implementation vulnerability: left-to-right sliding window modexp)

[Peter Gutmann]

Rob Austein <sra at hactrn.net> writes:

>We've left RSA blinding enabled unconditionally in all cases for now, out of
>paranoia, but would be interested in opinions from wider heads about how
>necessary this really is.

Definitely a good idea in any case.  Most of the side-channel attacks require
repeated sampling of an operation and then statistical analysis to break out
the details of interest, with randomisation each time you're making that a lot
harder.

Russ Housley <housley at vigilsec.com> writes:

>If the Verilog is constant-time and constant-power-consumption, then the
>major side channels are protected.  

I don't think anyone's ever managed to do a constant-time, constant-power,
constant-EMI, constant-* implementation of something like that have they?  You
occasionally get conference papers demonstrating some new side-channel-
analysis-resistant implementation, but then the following year at the same
conference you get another paper un-demonstrating it.

The thing is, for hardware you don't actually need to have a side-channel-
resistant implementation.  For software you do because the person writing the
conference paper can give themselves whatever privileges they need to perform
the attack (hostile code running on the same CPU with insight into the cache
or memory access patterns or whatever), but with an HSM you define how far
they can go, and that's the outside of the HSM.  

There's a twenty-year-old HSM, IBM's 4758, that was resistant to pretty much
all of the side-channel attacks that came along after it was developed, not
because the developers were magically aware of them but because they used good
engineering practice, power supply decoupling, filtering, etc (I asked them
about how they managed it and that was their explanation, we designed it
properly from the outset).

So worst case all you need to worry about is timing attacks, which is what you
have blinding for.  If you're still worried then given that you're building an
HSM rather than a crypto accelerator, so security is more important than
throughput, quantise the production of results.  That can eventually be
defeated too with enough samples, but since you're blinding as well you're
making it pretty difficult for the attacker.

Peter.