[tahoe-lafs-trac-stream] [pycryptopp] #92: python-level time padding

[pycryptopp]

#92: python-level time padding
------------------------+-----------------
     Reporter:  zooko   |      Owner:
         Type:  defect  |     Status:  new
     Priority:  major   |  Milestone:
      Version:  0.5.29  |   Keywords:
Launchpad Bug:          |
------------------------+-----------------
 Experts like DJB and Brian Warner tell me that it is kind of hopeless to
 try to mask a computation whose time varies depending on secret inputs by
 adding time-padding. But I'm not ready to give up just yet. It is
 surprisingly tricky and my first several designs all turned out to be
 fatally flawed. I forget if the following is one of the fatally flawed
 ones or the one I came up with ''after'' the most recent time that I
 learned of a fatal flaw:

 Run the function with random dummy inputs instead of the real secret
 input, then run it again with other random dummy inputs. In parallel (e.g.
 using a separate thread) compute the function with the real secret input.
 If the latter hasn't completed by the time the first sequence of two
 completes (that is, it is taking more than twice as long to do the real
 function as the average dummy function), then abort.

 CAVEATS:

 This technique seems like it should defend against the attacker who can
 see ''only'' the time that elapses between you beginning your computation
 and you finishing. It does not protect against attackers who can see other
 sorts of "side channels" about you, such as which CPU cores you use at
 what times, how much energy you draw at what times, or even
 (intriguingly!) how many computations you can complete per time! (See, how
 much time it takes you to do one computation does not imply how many
 computations you can do per time if you are idling some of your resources
 some of the time!)

-- 
Ticket URL: <https://tahoe-lafs.org/trac/pycryptopp/ticket/92>
pycryptopp <https://tahoe-lafs.org/trac/pycryptopp>