
Use ciphertext blinding for Elgamal decryption.

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

Use ciphertext blinding for Elgamal decryption.

* cipher/elgamal.c (USE_BLINDING): New.
(decrypt): Rewrite to use ciphertext blinding.

CVE-id: CVE-2014-3591

As a countermeasure to new side-channel attacks on sliding windows
exponentiation we blind the ciphertext for Elgamal decryption. This
is similar to what we are doing with RSA.

Unfortunately, the performance impact of Elgamal blinding is quite
noticeable: For a 3072 bit Elgamal key the decryption used to take
13ms; with the blinding it takes 24ms. This has been measured using
time(1), calling gpg with a 100 byte message, and having gpg modified
to run the pubkey_decrypt function 100 times and finally scale the
result (using an i5-2410M CPU @ 2.30GHz TP 220).
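The blinding the commit message describes, as an added illustration in Python (not the commit's own code in cipher/elgamal.c): the secret exponent x is never applied directly to the attacker-supplied ciphertext component a, but to a multiplied by the inverse of a fresh random r, and the result is unblinded with r^x. The parameters below are constructed toy values, far smaller than the 3072-bit key measured above.

```python
import secrets

# Constructed toy parameters: p is the Mersenne prime 2^127 - 1, g = 3.
# Real Elgamal keys are far larger; these only keep the arithmetic readable.
P = 2**127 - 1
G = 3


def keygen(p=P, g=G):
    """Private key x, public key y = g^x mod p."""
    x = secrets.randbelow(p - 2) + 1
    return x, pow(g, x, p)


def encrypt(m, y, p=P, g=G):
    """Textbook Elgamal: (a, b) = (g^k, y^k * m) mod p for a random k."""
    k = secrets.randbelow(p - 2) + 1
    return pow(g, k, p), (pow(y, k, p) * m) % p


def decrypt_unblinded(a, b, x, p=P):
    """Direct decryption m = b * a^{-x}: the secret exponent x is applied
    to a base a that the sender of the ciphertext chooses."""
    return (b * pow(a, -x, p)) % p


def decrypt_blinded(a, b, x, p=P):
    """Ciphertext-blinded decryption (illustrative, not libgcrypt's code).
    The exponentiation with x runs on a * r^{-1} for a fresh random r,
    so the sender no longer controls the base; r^x undoes the blinding.
    The extra exponentiation is why the commit reports roughly doubled
    decryption time."""
    r = secrets.randbelow(p - 2) + 1          # fresh, unpredictable per call
    r_inv = pow(r, -1, p)
    t = pow((a * r_inv) % p, x, p)            # (a / r)^x
    t = (t * pow(r, x, p)) % p                # times r^x gives a^x
    return (b * pow(t, -1, p)) % p            # b * a^{-x} = m


def roundtrip(m):
    """Encrypt m under a fresh key and decrypt it both ways."""
    x, y = keygen()
    a, b = encrypt(m, y)
    return decrypt_unblinded(a, b, x), decrypt_blinded(a, b, x)


if __name__ == "__main__":
    msg = int.from_bytes(b"hello Elgamal", "big")
    print(roundtrip(msg) == (msg, msg))
```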

Details

Provenance
werner · Authored on Aug 11 2014, 4:15 PM
Parents
rG397987c33233: Update automake helper files.
Branches
Unknown
Tags
Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rGff53cf06e966: Use ciphertext blinding for Elgamal decryption. (authored by Werner Koch <wk@gnupg.org>). Feb 11 2015, 8:04 PM