Timing Attack paper--pres--v.01

Timing Attacks 
• Prepared By : 
*Anas Za’za’ 
• Dr. Adwan Yasin. 
• COMPUTER SECURITY.
Timing attack: a side-channel attack based on measuring the length of time it takes to digitally sign a message (to respond to it).
Network Timing Attack
Regular Client <-> Server [Web, SSL]
1. ClientHello
2. ServerHello (send public key)
3. ClientKeyExchange
Attack
Attack Client <-> Server
1. ClientHello
2. ServerHello (send public key)
3. Record time t1; send guess g or ghi
4. Alert
5. Record time t2; compute t2 - t1
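const a = "ABCD";
const b = "ABBA";
// Early-exit comparison: the loop stops at the first differing character,
// so the run time depends on how many leading characters match.
function compare(a, b) {
    for (let i = 0; i < a.length; i++) {
        if (a[i] != b[i])
            return false;
    }
    return true;
}
compare(a, b);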
Trick 
AAAAAAAAAA 
BAAAAAAAAA 
CAAAAAAAAA 
DAAAAAAAAA 
... 
XAAAAAAAAA 
YAAAAAAAAA 
ZAAAAAAAAA
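Reform The Code
// Always walks the whole string instead of returning at the first mismatch.
function compare(a, b) {
    let match = true;
    for (let i = 0; i < a.length; i++) {
        if (a[i] != b[i])
            match = false;
    }
    return match;
}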
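Reform The Code 2
// Branch-free version: XOR is 0 only for equal characters, OR accumulates any difference.
// Assumes a and b have the same length.
function compare(a, b) {
    let match = 0;
    for (let i = 0; i < a.length; i++) {
        match = match | (a.charCodeAt(i) ^ b.charCodeAt(i));
    }
    return match == 0;
}

A  B  OUTPUT (A XOR B)
0  0  0
0  1  1
1  0  1
1  1  0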
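Added example (not from the original slides): the early-exit loop and the XOR/OR loop instrumented to count iterations, run against guesses shaped like the Trick slide, next to Node.js's crypto.timingSafeEqual as the comparison to deploy. The secret SECRETCODE, the guesses and all function names are constructed for illustration.

```javascript
const { createHash, timingSafeEqual } = require("node:crypto");

// Early-exit comparison from the slides, instrumented to count loop iterations.
function earlyExitSteps(secret, guess) {
  let steps = 0;
  for (let i = 0; i < secret.length; i++) {
    steps++;
    if (secret[i] !== guess[i]) break; // work done depends on the matching prefix
  }
  return steps;
}

// XOR/OR comparison ("Reform The Code 2"), instrumented the same way.
function xorSteps(secret, guess) {
  let steps = 0;
  let match = secret.length ^ guess.length; // a length mismatch can never compare equal
  for (let i = 0; i < secret.length; i++) {
    steps++;
    match |= secret.charCodeAt(i) ^ guess.charCodeAt(i);
  }
  return { equal: match === 0, steps };
}

// What to deploy: hash both inputs to a fixed length, then let the runtime's
// constant-time primitive compare the digests.
function safeEqual(secret, guess) {
  const h = (s) => createHash("sha256").update(s, "utf8").digest();
  return timingSafeEqual(h(secret), h(guess));
}

// Constructed sample data: a 10-character secret and guesses shaped like the Trick slide.
const SECRET = "SECRETCODE";
const GUESSES = ["AAAAAAAAAA", "SAAAAAAAAA", "SECRAAAAAA", "SECRETCODE"];

function profile() {
  return GUESSES.map((g) => ({
    guess: g,
    earlyExit: earlyExitSteps(SECRET, g),
    xor: xorSteps(SECRET, g).steps,
    equal: safeEqual(SECRET, g),
  }));
}

console.table(profile());
```

The early-exit iteration count tracks the length of the matching prefix, while the XOR/OR loop always does the same amount of work. In JavaScript a hand-written loop is still subject to JIT and string-representation effects, which is why the runtime primitive is preferred.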
Attack on OpenSSL 
OpenSSL: an open source cryptographic 
library used in web servers and other SSL 
applications.
RSA 
Key generation:
• Generate large primes p, q
• Compute n = pq and φ(n) = (p-1)(q-1)
• Choose small e, relatively prime to φ(n)
• Compute unique d such that ed = 1 mod φ(n)
Public key = (e, n); private key = d
Security relies on the assumption that it is difficult to compute roots modulo n without knowing p and q
Encryption of p (simplified!): c = p^e mod n
Decryption of c: c^d mod n = (p^e)^d mod n = m
Timing Attack on RSA 
• Initial guess g for q 
• Try all possible guesses for the top few bits 
• Suppose we know i-1 top bits of q. Goal: ith bit. 
• Set g =<known i-1 bits of q>000000 
• Set ghi=<known i-1 bits of q>100000 - note: g<ghi 
• If g<q<ghi then the ith bit of q is 0 
• If g<ghi<q then the ith bit of q is 1 
• Goal: decide whether g<q<ghi or g<ghi<q 
Let ‘g’ be a guess as to the value of q 
Let ghi be the same value as g, with the i'th bit
Two Possibilities for ghi
[Figure: decryption time plotted against the value of the ciphertext, annotated with #reductions and the mult routine, with q, g and the two possible positions of ghi marked. In one case the difference in decryption times between g and ghi will be small; in the other it will be large.]
D=|t1-t2|. 
If D is large then g<q<ghi and i’th bit of q is 0, 
otherwise the bit is 1.
RSA Blinding 
• Decrypt random number related to c: 
1. Before decryption compute x’ = c * r^e mod N, r is random
2. p’ = Decrypt x’ 
3. Calculate p = p’/r mod N 
• Since r is random, the decryption time should be random 
• 2-10% performance penalty
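Added example (not from the original slides or from OpenSSL): the RSA slide's key setup and the three blinding steps carried out with BigInt on a constructed toy key (p = 61, q = 53, e = 17). All function names are assumptions, and the textbook modPow used here is itself not constant time.

```javascript
const { randomInt } = require("node:crypto");

// Textbook square-and-multiply (illustrative only, not constant time).
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Modular inverse via the extended Euclidean algorithm; throws if gcd(a, mod) != 1.
function modInv(a, mod) {
  let [r0, r1] = [mod, a % mod];
  let [t0, t1] = [0n, 1n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1] = [r1, r0 - q * r1];
    [t0, t1] = [t1, t0 - q * t1];
  }
  if (r0 !== 1n) throw new RangeError("not invertible");
  return ((t0 % mod) + mod) % mod;
}

// Constructed toy key following the RSA slide: n = pq, ed = 1 mod (p-1)(q-1).
const P = 61n, Q = 53n, E = 17n;
const N = P * Q;
const D = modInv(E, (P - 1n) * (Q - 1n));

const encrypt = (m) => modPow(m, E, N);
const decrypt = (c) => modPow(c, D, N);

// The three steps from the blinding slide; intermediate values are returned too.
function blindedDecrypt(c, r) {
  const xBlind = (c * modPow(r, E, N)) % N; // 1. x' = c * r^e mod N
  const pBlind = decrypt(xBlind);           // 2. p' = Decrypt x' (equals p * r mod N)
  const p = (pBlind * modInv(r, N)) % N;    // 3. p = p'/r mod N
  return { xBlind, pBlind, p };
}

// Fresh random r for each decryption; r must be invertible mod N.
function randomBlind() {
  for (;;) {
    const r = BigInt(randomInt(2, Number(N)));
    try { modInv(r, N); return r; } catch { /* shares a factor with N, retry */ }
  }
}

const c = encrypt(65n); // constructed plaintext
console.log(c, blindedDecrypt(c, randomBlind()).p);
```

The private-key exponentiation runs on x’, which changes with every r, so its timing no longer tracks the ciphertext the client chose, yet step 3 always recovers the same plaintext.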