Adding a nonce before hashing as covert channel
andrewg
andrewg at andrewg.com
Fri Dec 13 13:59:15 CET 2024
On 2024-12-12 11:58, Wiktor Kwapisiewicz wrote:
>
> On 12.12.2024 11:43, Andrew Gallagher via Gnupg-devel wrote:
>> It should be noted that the salt in v6 signatures also helps to
>> protect against fault-based attacks.
>> See https://eprint.iacr.org/2017/1014
>
> I'm not entirely sure that the v6 salt helps in this case - it
> influences the final digest but the fault attack then operates on that
> new digest. I've read section 9. Countermeasures and couldn't find any
> mention of salt being effective.
Fault attacks require the generation of multiple signatures over the
same message digest. With an unsalted signature, it is sufficient to
induce a victim to sign the same message twice with the same timestamp.
With a salted signature, it is vanishingly improbable that the same
digest will ever be produced.
A
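The point made above, that an unsalted signature over the same message and timestamp always produces the same digest while a salted one does not, can be shown with a small simulation. This is an added example and not code from the thread or from GnuPG; it models the digest input only loosely (optional salt, then the message, then a 4-byte timestamp standing in for the hashed signature metadata), so the layout is an assumption rather than the exact RFC 9580 v6 trailer, and the 32-byte salt length is the SHA-256 case.

```python
import hashlib
import secrets
from typing import Optional

SALT_LEN = 32  # salt length used here for SHA-256; assumption for this model


def signature_digest(message: bytes, timestamp: int,
                     salt: Optional[bytes] = None) -> bytes:
    """Simplified model of the data a signature is computed over.

    With salt=None this mimics an unsalted (v4-style) digest; with a salt it
    mimics the v6 behaviour of hashing fresh random bytes before the message.
    """
    h = hashlib.sha256()
    if salt is not None:
        h.update(salt)
    h.update(message)
    h.update(timestamp.to_bytes(4, "big"))
    return h.digest()


def count_distinct_digests(message: bytes, timestamp: int,
                           n_signatures: int, salted: bool) -> int:
    """Sign the same message/timestamp n times and count distinct digests.

    A fault attack needs several signatures over one digest, so a count of 1
    is the dangerous case and a count equal to n_signatures is the safe one.
    """
    seen = set()
    for _ in range(n_signatures):
        salt = secrets.token_bytes(SALT_LEN) if salted else None
        seen.add(signature_digest(message, timestamp, salt))
    return len(seen)


if __name__ == "__main__":
    # Constructed sample input: one message, one fixed timestamp.
    msg = b"constructed sample message"
    ts = 1734000000
    print("unsalted distinct digests:", count_distinct_digests(msg, ts, 5, False))
    print("salted distinct digests:  ", count_distinct_digests(msg, ts, 5, True))
```

Run as a script it prints 1 for the unsalted case and 5 for the salted case: the unsalted signer can be made to re-sign the identical digest simply by reusing the timestamp, whereas each salted signature hashes different input.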