From: James H. Markowitz on 12 Feb 2010 14:55

On Fri, 12 Feb 2010 11:27:16 -0800, yawnmoth wrote:
> <http://tools.ietf.org/html/rfc3447#section-5.1.2> discusses the
> decryption primitive for PKCS#1 but it doesn't seem to employ any
> blinding. Why not?

Probably because blinding is optional. Implementations that leak information when carrying out private key operations, which makes them amenable to timing attacks, should do blinding. Those that do not leak such information do not need to do blinding.
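As an added illustration of the point above (example code written for this page, not from the thread or from RFC 3447), here is the RSADP primitive side by side with a base-blinded version. The key (n = 3233, e = 17, d = 2753) is a constructed toy key so the arithmetic is visible; the blinding algebra is identical for real-sized keys. `rsadp_blinded` multiplies the ciphertext by r^e for a fresh random r, exponentiates that randomized value, then strips r off again, so the value fed to the private exponentiation is never the attacker-chosen ciphertext.

```python
"""RSADP (RFC 3447 section 5.1.2) with and without base blinding.

Added example; the toy key below is constructed for illustration only.
pow(x, -1, n) for the modular inverse needs Python 3.8 or newer.
"""
import math
import secrets

# Constructed toy key: p = 61, q = 53, n = p*q, e = 17, d = e^-1 mod phi(n).
N, E, D = 3233, 17, 2753


def rsaep(m: int, e: int = E, n: int = N) -> int:
    """RSAEP: c = m^e mod n (public operation, nothing secret to leak)."""
    if not 0 <= m < n:
        raise ValueError("message representative out of range")
    return pow(m, e, n)


def rsadp_plain(c: int, d: int = D, n: int = N) -> int:
    """Unblinded RSADP: m = c^d mod n.

    The running time of a naive modular exponentiation depends on the bits
    of d and on the particular value of c, which is exactly the signal a
    timing attack on the private key operation measures.
    """
    if not 0 <= c < n:
        raise ValueError("ciphertext representative out of range")
    return pow(c, d, n)


def rsadp_blinded(c: int, d: int = D, e: int = E, n: int = N) -> int:
    """RSADP with base blinding.

    1. pick a random r in [1, n-1] with gcd(r, n) == 1
    2. c' = c * r^e mod n        (fold an encryption of r into c)
    3. m' = c'^d mod n           (private exponentiation on a random value)
    4. m  = m' * r^-1 mod n      (r^(e*d) == r mod n, so divide it back out)

    Because c' is freshly randomized on every call, the timing of step 3 is
    uncorrelated with the ciphertext the caller supplied.
    """
    if not 0 <= c < n:
        raise ValueError("ciphertext representative out of range")
    while True:
        r = secrets.randbelow(n - 1) + 1          # uniform in [1, n-1]
        if math.gcd(r, n) == 1:                   # must be invertible mod n
            break
    r_inv = pow(r, -1, n)
    c_blind = (c * pow(r, e, n)) % n
    m_blind = pow(c_blind, d, n)
    return (m_blind * r_inv) % n


def check_roundtrip(limit: int = 200) -> bool:
    """Both primitives must agree with each other and invert RSAEP."""
    for m in range(limit):
        c = rsaep(m)
        if rsadp_plain(c) != m or rsadp_blinded(c) != m:
            return False
    return True


if __name__ == "__main__":
    c = rsaep(65)
    print("ciphertext", c, "plain", rsadp_plain(c), "blinded", rsadp_blinded(c))
    print("round trip ok:", check_roundtrip())
```

The random r must be regenerated for every private key operation; reusing a single r across calls reintroduces a fixed, attacker-observable relationship between the input and the value being exponentiated, which is what the blinding was meant to remove.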