1. 7
    1. 3

      I really love the TLDR:

      In order for a timing leak to be useful for cryptanalysis, it cannot leak a publicly-known input to the cryptographic operation.

      Because anyone who’s made a serious effort has, at least once, started to think they’ve found an interesting side-channel. And only after way too much effort realized that the only thing the side-channel could, even theoretically, leak was a public value.

      I should probably be embarrassed that it’s happened more than once. Now it’s a reflex… when I think I see a timing side channel, I look at what it could possibly be leaking before I spend any time digging in.

      1. 1

        Thanks, I’m glad you enjoyed it, and that I’m not alone in stumbling onto dead-end roads in cryptanalysis. :)
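The rule of thumb in the comment above (ask what a timing difference could actually leak before digging in) is easy to see in a MAC tag check. The following is an added example, not code from the thread or from the article it discusses; it uses a byte-counter as a stand-in for wall-clock time so the result is deterministic. The early return on a length mismatch depends only on the tag length, which is public, so it leaks nothing useful. The byte-by-byte loop, by contrast, stops at the first mismatch, so its running time reveals how many leading bytes of the secret tag a submitted guess got right. `hmac.compare_digest` is the standard-library fix.

```python
import hmac

# Constructed sample secret tag; in practice this would be the HMAC the server computed.
SECRET_TAG = bytes.fromhex("10203040")


def naive_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Early-exit comparison.

    Returns (equal, bytes_examined). The second value is a proxy for
    running time: it is the number of loop iterations before the
    function returned.
    """
    if len(secret) != len(guess):
        # Branches on the tag length only. The length is public
        # (it is fixed by the MAC algorithm), so this branch is
        # not a useful leak.
        return False, 0
    examined = 0
    for s, g in zip(secret, guess):
        examined += 1
        if s != g:
            # Stops at the first differing byte: examined == matching
            # prefix length + 1. That is a secret-dependent leak.
            return False, examined
    return True, examined


def constant_time_compare(secret: bytes, guess: bytes) -> bool:
    """Comparison whose running time does not depend on where the
    inputs differ (it may still depend on the public length)."""
    return hmac.compare_digest(secret, guess)


def matching_prefix_from_timing(examined: int, equal: bool) -> int:
    """What an observer learns from the naive version's timing:
    the number of leading tag bytes the guess got right."""
    if equal:
        return examined
    return max(examined - 1, 0)


if __name__ == "__main__":
    for guess in (bytes.fromhex("00000000"), bytes.fromhex("10200000"), SECRET_TAG):
        equal, examined = naive_compare(SECRET_TAG, guess)
        print(guess.hex(), "equal:", equal, "bytes examined:", examined,
              "prefix revealed:", matching_prefix_from_timing(examined, equal))
    print("constant-time:", constant_time_compare(SECRET_TAG, SECRET_TAG))
```

The pattern to look for is whether the quantity that varies is a function of a secret (the tag bytes, a key, a password) or only of something the observer already knows (the tag length, the message length). Only the first kind is worth spending time on.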