
Pd - r (mod n).

Since step 3 involves a random, secret x', its running time cannot be correlated with the input x, hence the term “blinding.” Consequently, a timing attack cannot obtain any information about the private key.

There is still the theoretical concern that information about the random value r may be revealed from the time for steps 2 and 4, but this does not seem to be a practical issue provided the value of r varies from one RSA operation to the next.
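
RSA blinding as the passage above describes it, written out as an added example (not code from the newsletter). The step list itself did not survive on this page, so the numbering is an assumption taken from the standard procedure (1: pick random r; 2: x' = x * r^e mod n; 3: y' = x'^d mod n; 4: y = y' * r^-1 mod n), and the toy key and function names are constructed for the demonstration.

```python
import math
import secrets

# Constructed toy key (far too small for real use): n = 61 * 53.
P, Q = 61, 53
N = P * Q                               # 3233
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, 2753


def fresh_blinding_factor(n):
    """Step 1 (assumed numbering): random secret r that is invertible mod n."""
    while True:
        r = secrets.randbelow(n - 2) + 2        # 2 <= r <= n-1
        if math.gcd(r, n) == 1:
            return r


def blinded_private_op(x, d, e, n, r=None):
    """Compute x^d mod n without ever raising x itself to the power d.

    Returns (y, x_blind) so the caller can see what step 3 operated on.
    Python's pow() is not constant-time; the point here is only that the
    operand of the secret-exponent step is decorrelated from x.
    """
    if r is None:
        r = fresh_blinding_factor(n)            # a new r for every operation
    x_blind = (x * pow(r, e, n)) % n            # step 2: x' = x * r^e mod n
    y_blind = pow(x_blind, d, n)                # step 3: y' = (x')^d mod n
    y = (y_blind * pow(r, -1, n)) % n           # step 4: y = y' * r^-1 mod n
    return y, x_blind


def demo(x=1234, trials=8):
    """Same input x every time: step 3 still sees a different operand."""
    seen = set()
    for _ in range(trials):
        y, x_blind = blinded_private_op(x, D, E, N)
        assert y == pow(x, D, N)                # matches the unblinded result
        seen.add(x_blind)
    return seen
```
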
VOLUME 2, NUMBER 1 - SPRING 1996




The technical newsletter of RSA Laboratories, a division of RSA Data
Security, Inc.




Asymmetric Encryption:
Evolution and Enhancements
Editor's Note




We encourage any readers with comments, opposite opinions, suggestions or proposals for future issues to contact the CryptoBytes editor.

Newsletter Availability and Contact Information

CqpQ@tsisahpllilicatia?sdall
isa3,llzcth-sd˜, are-
via the World-Wide Web at http://
www.rsa.com/˜/.




RSA Laboratories
100 Marine Parkway, Suite 500
Redwood City, CA 94065
415/595-1703
415/5954X26 (fax)
Isa--.am

About RSA Laboratories





Asymmetric Encryption

At about the same time as the PKCS was being published, IBM developed a public key extension to their Transaction Security System to support digital signatures and key transport.








While there is significant structure in the formatted block, the masked block appears random.

1 mr&n.?he˜isto˜amt&mrnnkerin




[Figure; labels: "Mask", "Masked Data"]




Althxqh˜didrmtfirdanattz&,˜qpx-
ET-ltlyhad tk follcuvirg ancern alnltthem





[Figure; labels: "Masked Data", "RN"]








PayWord and MicroMint (extended abstract)


...our security goal is to keep honest people




[Figure; labels: "Banks and Credit-Card", "Obtain authorization or coins.", "2. Purchase information from vendor; pay.", "3. Redeem payments."]








User-vendor relationships are transient. A user might visit a web site, purchase ten pages, and then move on elsewhere.








Note that each coin is a bit-string whose validity can be easily checked by anyone, but which is hard to produce.








...users and vendors will have little motivation to cheat in order to gain only a few cents...




Our security mechanisms are thus primarily designed to discourage large-scale attacks, such as massive forgery or persistent double-spending.




The HMAC Construction




...people seem agreed that hash function based constructions of MACs are
