Jean-Paul Kogelman [ARCHIVE] on Nostr: 📅 Original date posted:2014-03-05 📝 Original message:> On Mar 5, 2014, at 8:56 ...
📅 Original date posted:2014-03-05
📝 Original message:> On Mar 5, 2014, at 8:56 PM, Pieter Wuille <pieter.wuille at gmail.com> wrote:
>
>> On Wed, Mar 5, 2014 at 1:49 PM, Mike Hearn <mike at plan99.net> wrote:
>> I am not currently aware of any efforts to make OpenSSL's secp256k1
>> implementation completely side channel free in all aspects. Also,
>> unfortunately many people have reimplemented ECDSA themselves and even if
>> OpenSSL gets fixed, the custom implementations probably won't.
>
> As far as I know, judging from the implementation, there is hardly any
> effort to try to prevent timing attacks.
>
Is it safe to assume that this is also true for your secp256k1 implementation?
jp
> --
> Pieter
>
> ------------------------------------------------------------------------------
> Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
> With Perforce, you get hassle-free workflows. Merge that actually works.
> Faster operations. Version large binaries. Built-in WAN optimization and the
> freedom to use Git, Perforce or both. Make the move to Perforce.
> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
📝 Original message:> On Mar 5, 2014, at 8:56 PM, Pieter Wuille <pieter.wuille at gmail.com> wrote:
>
>> On Wed, Mar 5, 2014 at 1:49 PM, Mike Hearn <mike at plan99.net> wrote:
>> I am not currently aware of any efforts to make OpenSSL's secp256k1
>> implementation completely side channel free in all aspects. Also,
>> unfortunately many people have reimplemented ECDSA themselves and even if
>> OpenSSL gets fixed, the custom implementations probably won't.
>
> As far as I know, judging from the implementation, there is hardly any
> effort to try to prevent timing attacks.
>
Is it safe to assume that this is also true for your secp256k1 implementation?
jp
> --
> Pieter
>
> ------------------------------------------------------------------------------
> Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
> With Perforce, you get hassle-free workflows. Merge that actually works.
> Faster operations. Version large binaries. Built-in WAN optimization and the
> freedom to use Git, Perforce or both. Make the move to Perforce.
> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development