@DefuseSec if you're talking about KS1(k1) ⊕ KS2(k2) ⊕ pt as a product cipher of two stream ciphers' keystreams, do sidechannels amplify?
-
-
Replying to @DefuseSec
@bascule With ciphers it's pretty easy to get strongest-of-N but with whole implementations, it could easily be weakest-of-N.1 reply 0 retweets 0 likes -
Replying to @DefuseSec
@DefuseSec how can secret dependent timings of one keystream generator implementation break the whole construction if the other one is good?1 reply 0 retweets 1 like -
Replying to @DefuseSec
@DefuseSec curious what sidechannels you're thinking of then. I was thinking of cache timing sidechannels1 reply 0 retweets 0 likes -
Replying to @DefuseSec
@bascule ...you don't need to give the other implementation the plaintext at all. RCE vulns are a way better example of worst-of-N.1 reply 0 retweets 0 likes -
Replying to @DefuseSec
@DefuseSec lol, RCE in an actual cipher implementation would be a catastrophic result indeed1 reply 0 retweets 0 likes
@DefuseSec I was thinking more of Tahoe's "100 year cryptography" product cipher case /cc @zooko
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.