The cr.yp.to microblog: 2022.06.21 23:15:17

2022.06.21 23:15:17 (1539356306011697152) from Daniel J. Bernstein, replying to "Jacob Christian Munch-Andersen (@NoHatCoder)" (1539178381903798272):

https://timing.attacks.cr.yp.to/overclocking.html already has an entry discussing masking and linking to some examples of attacks. This is a nightmare to audit, and isn't a substitute for plugging the underlying leak. Similarly, yes, some types of secrets can be erased quickly, but faster than the attack?

2022.06.21 23:19:42 (1539357416550113280) from Daniel J. Bernstein:

It's easy to fall into the trap of thinking "This demo took 89 hours, so if this secret can be changed every day then it's safe." But we've seen again and again that initial demos are publicly superseded by much faster attacks. Large-scale attackers are probably many years ahead.

Context

2022.06.21 07:49:22 (1539123289624391680) from Daniel J. Bernstein:

New resource page available on timing attacks, including recommendations for action to take regarding overclocking attacks such as #HertzBleed: https://timing.attacks.cr.yp.to Don't wait for the next public overclocking attack; take proactive steps to defend your data against compromise.

2022.06.21 11:22:57 (1539177041387565061) from "Jacob Christian Munch-Andersen (@NoHatCoder)":

That is going to be an uphill battle. I do think there might be some software approaches that are more potent than what you describe. Could we shift the handshake calculation in some random fashion, in order to effectively randomise the power consumption?

2022.06.21 11:25:32 (1539177688149147650) from "Jacob Christian Munch-Andersen (@NoHatCoder)", replying to "Jacob Christian Munch-Andersen (@NoHatCoder)" (1539177041387565061):

There is homomorphic encryption that I guess could be used for this task. But given that we don't need the secrecy it seems likely that there could be less intensive methods that achieve the desired effect.

2022.06.21 11:28:17 (1539178381903798272) from "Jacob Christian Munch-Andersen (@NoHatCoder)", replying to "Jacob Christian Munch-Andersen (@NoHatCoder)" (1539177688149147650):

Symmetric cryptography seems less vulnerable to me, but one could shift to algorithms that continuously rotate the key in order to make statistics that rely on the same key being applied over and over again impossible.