could claim that complexity of PC software & hardware was one of the motivations behind EU finread terminal. One might also claim that this is another instance of the sporadic reoccurring security refrain about KISS
Posted by Lynn Wheeler at November 19, 2007 06:46 PM

Shamir did somewhat sloppy research on this one. It seems that both RSA blinding and verification of signatures after creation defeats this attack. Most implementations implement one of these countermeasures nowadays.
Posted by Florian Weimer at November 20, 2007 02:30 AM

A protocol that allows a chosen plaintext attack on the shared secret key is bad, but sometimes unavoidable. A protocol that allows a chosen plaintext attack on the private key of a public key is extremely bad, and has long been known to be bad. This attack should never be possible, if the protocol is correctly designed.
Posted by James A. Donald at November 20, 2007 05:43 AM

@Florian - I find it hard to believe Shamir would do "sloppy research". First of all, it's a big weakness in any protocol to be defeated by a constant time attack, even a chosen plaintext attack. Second, since it has not yet been officially published by Shamir and/or his students (seems like it was leaked), we'll have to wait and see the finished product before we can try to find holes in it.
Posted by Neko at December 15, 2007 08:06 AM

Hi Shamir,

It is very interesting to look into your research area. I am an M Tech student and am doing my thesis on the same (weakness of the RSA algorithm). We have got lots of areas where technicians have to relook. Well, let's wait and watch your research and mine. Hope we get some loopholes.
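The two countermeasures Florian Weimer names above, as an added example that is not part of this thread: a textbook RSA-CRT signer in Python (constructed toy key, far too small for real use) that withholds any signature that fails to verify under the public key, plus a blinded variant so the private-key operation never runs directly on a caller-chosen input. The `fault_in_p` flag is a constructed simulation of a miscomputed CRT half, not a real fault model.

```python
from math import gcd
from secrets import randbelow

# Constructed demo key: two Mersenne primes, far too small for real use.
P = (1 << 31) - 1
Q = (1 << 61) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ = D % (P - 1), D % (Q - 1)   # CRT exponents
QINV = pow(Q, -1, P)                # q^-1 mod p for Garner recombination

def rsa_crt_sign(m, fault_in_p=False):
    """Textbook RSA-CRT signature of an integer m < N.
    fault_in_p=True simulates a miscomputed mod-p half (constructed)."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_in_p:
        sp = (sp + 1) % P   # this half is now wrong; the other is correct
    h = (QINV * (sp - sq)) % P
    return (sq + Q * h) % N

def rsa_verify(m, s):
    """Public-key check: the signature must round-trip to m."""
    return pow(s, E, N) == m

def sign_checked(m, fault_in_p=False):
    """Countermeasure 1: verify after signing. A signature that does not
    verify is never released, so a faulty value cannot leave the signer."""
    s = rsa_crt_sign(m, fault_in_p)
    if not rsa_verify(m, s):
        raise RuntimeError("RSA self-check failed; signature withheld")
    return s

def sign_blinded(m, fault_in_p=False):
    """Countermeasure 2: RSA blinding. The private-key operation runs on
    r^e * m for a fresh random r coprime to N, so the CRT computation never
    sees the caller-chosen value directly; the blinding is removed after."""
    r = 2 + randbelow(N - 3)
    while gcd(r, N) != 1:       # astronomically unlikely, but keep r invertible
        r = 2 + randbelow(N - 3)
    m_blind = (pow(r, E, N) * m) % N
    s_blind = sign_checked(m_blind, fault_in_p)
    return (s_blind * pow(r, -1, N)) % N
```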