[Cryptech Tech] RSA blinding

Bernd Paysan bernd at net2o.de
Tue Jul 4 22:31:26 UTC 2017

Previous message (by thread): [Cryptech Tech] RSA blinding
Next message (by thread): [Cryptech Tech] RSA blinding
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Am Mittwoch, 5. Juli 2017, 00:23:40 CEST schrieb Pavel Shatov:
> In step 6. block memory R is either overwritten with its own contents
> (that changes no bits) or with a different value that on average changes
> half of the bits. I have a feeling that those will have different power
> consumption.

If you want to avoid that, add one bit per memory cell which means "xor the 
rest with a pattern that has half of the bits set ('h55... 'haa..., 'h33, 
'hcc, all are equally good).  That way, you can achieve true constant-power 
for the memory write at the cost of just one bit per memory word.

However, most of the energy going into SRAM writes is precharging the bit 
lines, and discharging them, and since those are all symmetric (you discharge 
either the left or the right bit line for a SRAM write), only the flip/non-flip 
of the SRAM cell itself can make a difference. And that difference is small 
compared to the rest.

-- 
Bernd Paysan
"If you want it done right, you have to do it yourself"
net2o ID: kQusJzA;7*?t=uy at X}1GWr!+0qqp_Cn176t4(dQ*
http://bernd-paysan.de/

Previous message (by thread): [Cryptech Tech] RSA blinding
Next message (by thread): [Cryptech Tech] RSA blinding
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Tech mailing list