1. 7
  1. 3

    I really love the TLDR:

    In order for a timing leak to be useful for cryptanalysis, it cannot leak a publicly-known input to the cryptographic operation.

    Because anyone who’s made a serious effort has, at least once, started to think they’ve found an interesting side-channel. And only after way too much effort realized that the only thing the side-channel could, even theoretically, leak was a public value.

    I should probably be embarrassed that it’s happened more than once. Now it’s a reflex… when I think I see a timing side channel, I look at what it could possibly be leaking before I spend any time digging in.

    1. 1

      Thanks, I’m glad you enjoyed it, and that I’m not alone in stumbling onto dead-end roads in cryptanalysis. :)