Pieter Wuille [ARCHIVE] on Nostr: 📅 Original date posted:2014-03-05 📝 Original message:On Wed, Mar 5, 2014 at ...
📅 Original date posted:2014-03-05
📝 Original message:On Wed, Mar 5, 2014 at 2:18 PM, Jean-Paul Kogelman
<jeanpaulkogelman at me.com> wrote:
>> As far as I know, judging from the implementation, there is hardly any
>> effort to try to prevent timing attacks.
>>
>
> Is it safe to assume that this is also true for your secp256k1 implementation?
I've done some preliminary work on making it leak less, but it's by no
means guaranteed to be constant time either (so better assume it is
not).
--
Pieter
📝 Original message:On Wed, Mar 5, 2014 at 2:18 PM, Jean-Paul Kogelman
<jeanpaulkogelman at me.com> wrote:
>> As far as I know, judging from the implementation, there is hardly any
>> effort to try to prevent timing attacks.
>>
>
> Is it safe to assume that this is also true for your secp256k1 implementation?
I've done some preliminary work on making it leak less, but it's by no
means guaranteed to be constant time either (so better assume it is
not).
--
Pieter