21 January 2013

Do NOT touch crypto code.

No, I'm not coding any crypto algorithms. Even following discussions about coding them, like gnutls, nettle, and openssl mailing lists, is hard. But just to demonstrate the complexity of coding crypto algorithms, think of side-channel attacks. I quote here from a mailing list on nettle:

Let me first explain what I mean when I talk about a "side-channel
silent" function. That means that if we call the function with operands
which are of the same size, but otherwise different, the function should
execute exactly the same sequence of instructions in both cases, and
access memory in exactly the same pattern.

If one then assumes that the underlying machine instructions have data
independent timing (true for most current cpus), we leak no side
information from timing or cache behaviour. We may still leak
information through power analysis, if, e.g., executing a multiplication
instructions consumes different amount of energy depending on the input
bit patterns.

-- Niels Möller

What does that mean? It means "Do NOT touch crypto code". Unless you understand the implications. And there are too many implications in too many aspects, that laymen like you and me do not understand. I mean, can you even imagine that your code could be susceptible to power analysis? I mean, yes, in algorithms you've been taught that a multiplication is "costlier" than addition, and if you've studied transistors and digital logic and algorithm analysis, you might begin to understand why, because more transistors are needed for multiplication (I'm guessing here), but to think that that cost involves differences in power usage! Well of course, but then to think that that difference in power usage could be used to analyse the number of multiplications used by your code, and hence begin to backtrack the input of your functions! Yeowza. So hey, lesson of the day: "Do NOT touch crypto code".

No comments: