[openssl-users] Why do we try out all possible combinations of top bits in OpenSSL timing attack?
mail.dipanjan.das at gmail.com
Mon Feb 6 07:20:03 UTC 2017
In the paper titled Remote Timing Attacks are Practical
<https://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf>, the authors
mention the following:
Initially our guess g of q lies between 25122512 (i.e. 2log2(N/2)2log2(N/2))
and 25112511 (i.e. 2log2(N/2)−12log2(N/2)−1). We then time the decryption
of all possible combinations of the top few bits (typically 2-3). When
plotted, the decryption times will show two peaks: one for q and one for p.
We pick the values that bound the first peak, which in OpenSSL will always
I don't understand the following:
- Does the initial guess of g start from an arbitrary range?
- What's the rationale behind trying out top 2-3 bits?
- What will the remaining bits be in this case?
Thanks & Regards,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users