[Cryptech Tech] RSA blinding

Pavel Shatov meisterpaul1 at yandex.ru
Mon Jul 10 18:38:02 UTC 2017

Previous message (by thread): [Cryptech Tech] RSA blinding
Next message (by thread): [Cryptech Tech] Onchip Open-V TRNG
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

05.07.2017 1:31, Bernd Paysan пишет:
> Am Mittwoch, 5. Juli 2017, 00:23:40 CEST schrieb Pavel Shatov:
>> In step 6. block memory R is either overwritten with its own contents
>> (that changes no bits) or with a different value that on average changes
>> half of the bits. I have a feeling that those will have different power
>> consumption.
> 
> If you want to avoid that, add one bit per memory cell which means "xor the 
> rest with a pattern that has half of the bits set ('h55... 'haa..., 'h33, 
> 'hcc, all are equally good).  That way, you can achieve true constant-power 
> for the memory write at the cost of just one bit per memory word.

Thanks for the excellent tip!

> However, most of the energy going into SRAM writes is precharging the bit 
> lines, and discharging them, and since those are all symmetric (you discharge 
> either the left or the right bit line for a SRAM write), only the flip/non-flip 
> of the SRAM cell itself can make a difference. And that difference is small 
> compared to the rest.
> 

-- 
With best regards,
Pavel Shatov

Previous message (by thread): [Cryptech Tech] RSA blinding
Next message (by thread): [Cryptech Tech] Onchip Open-V TRNG
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Tech mailing list