
On 08/ 1/14 09:38 AM, Wojtek Narczyński wrote:
> On 01.08.2014 09:27, Luke Clifton wrote:
>>> Well, how about something like
>>> inConstantTime :: timeBudget -> (functionToPerform :: CryptoResult) -> IO (Maybe CryptoResult)
>> I'm no expert, but aren't timing attacks also possible with something like that? If your `functionToPerform' touches the cache in funny ways, the program after resuming from the timeout might have different timings as there could be cache misses in one scenario, but not the other.
> Oh come on, there is still a number of slow buffers in between: kernel, network cards, switches, routers.
I think the original poster has been talking about something like that:

https://www.cs.unc.edu/~reiter/papers/2012/CCS.pdf
https://eprint.iacr.org/2014/248.pdf

Not funny reading indeed. So yes, I would also like to see a paper about the attacks above being done against a purely functional TLS implementation. Results may be interesting, especially when we consider functional programming to provide more secure code by default (in comparison with C)...

Karel
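The `inConstantTime` signature quoted at the top of this thread, sketched as an added example (not code from any poster in the thread or from a TLS library). The microsecond budget, `leakyCheck`, `timedUs` and all sample values are assumptions made for illustration.

```haskell
import Control.Concurrent (threadDelay)
import Control.Exception (evaluate)
import GHC.Clock (getMonotonicTimeNSec)
import System.Timeout (timeout)

-- | Hypothetical implementation of the signature proposed in the thread.
-- Budget is in microseconds. Returns Nothing if the action overran the
-- budget; either way it returns only after the full budget has elapsed.
inConstantTime :: Int -> IO a -> IO (Maybe a)
inConstantTime budgetUs action = do
  start  <- getMonotonicTimeNSec
  -- evaluate forces the result to WHNF inside the budget; a lazy thunk
  -- would otherwise be computed (and timed) by the caller afterwards.
  result <- timeout budgetUs (action >>= evaluate)
  now    <- getMonotonicTimeNSec
  let elapsedUs = fromIntegral ((now - start) `div` 1000) :: Int
  threadDelay (max 0 (budgetUs - elapsedUs))  -- pad up to the budget
  return result

-- Constructed sample: an early-exit comparison whose duration depends on
-- how long the matching prefix is.
leakyCheck :: String -> String -> IO Bool
leakyCheck secret guess = return (secret == guess)

-- Wall-clock duration of an action, in microseconds.
timedUs :: IO a -> IO Int
timedUs io = do
  t0 <- getMonotonicTimeNSec
  _  <- io
  t1 <- getMonotonicTimeNSec
  return (fromIntegral ((t1 - t0) `div` 1000))

main :: IO ()
main = do
  let secret = replicate 200000 'a'
      near   = replicate 199999 'a' ++ "b"   -- differs at the last char
      far    = 'b' : replicate 199999 'a'    -- differs at the first char
      budget = 50000                         -- 50 ms, constructed value
  -- Build the lists up front so construction cost is not measured.
  _ <- evaluate (length secret + length near + length far)
  mapM_ (\(name, g) -> do
           raw    <- timedUs (leakyCheck secret g >>= evaluate)
           padded <- timedUs (inConstantTime budget (leakyCheck secret g))
           putStrLn (name ++ ": raw " ++ show raw ++ " us, padded "
                     ++ show padded ++ " us"))
        [("near", near), ("far", far)]
```

The padding equalises wall-clock return time only; it does nothing about the cache state the wrapped function leaves behind, which is the concern raised in the thread, and `threadDelay` jitter still remains in the padded figures.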