You can take a number of approaches to protect against computational effort analysis. The most obvious is to make all operations take the same amount of time to execute. However, this is difficult and often results in severe performance penalties because the time taken by all computations would have to be extended to match that of the slowest one.

Introducing random delays sometimes appears to be an acceptable defense tactic for applications if latency is not critical, in particular many noninteractive network services, and puts less stress on the processor itself. However, this random noise can be effectively filtered out if the attack can be carried out repeatedly.

Another approach, known as blinding, relies on introducing a certain ...