What is Nostr?
Tim Ruffing [ARCHIVE] /
npub1cmt…wkls
2023-06-07 23:21:48
in reply to nevent1q…h7aw

Tim Ruffing [ARCHIVE] on Nostr: 📅 Original date posted:2023-05-14 🗒️ Summary of this message: Libsecp256k1 ...

📅 Original date posted:2023-05-14
🗒️ Summary of this message: Libsecp256k1 version 0.3.2 has been released, fixing a bug in the ECDH code that could leave applications vulnerable to a side-channel attack.
📝 Original message:Hello,

We'd like to announce the release of version 0.3.2 of libsecp256k1:

https://github.com/bitcoin-core/secp256k1/releases/tag/v0.3.2

This is a bugfix release after 0.3.1. The impetus for this release is
the discovery that GCC 13 became smart enough to optimize out a
specific timing side-channel protection mechanism in the ECDH code that
could leave applications vulnerable to a side-channel attack. This has
been fixed in 0.3.2 [1].

For the full changelog, see
https://github.com/bitcoin-core/secp256k1/blob/master/CHANGELOG.md

We strongly recommend any users of the library to upgrade if their code
may end up being compiled with GCC >=13. Bitcoin Core is not affected
because it does not use libsecp256k1's ECDH module.

Note: The underlying side-channel issue is very similar to the issue
that lead to the previous 0.3.1 release. Unfortunately, there is no
generic way to prevent compilers from "optimizing" code by adding
secret-dependent branches (which are undesired in cryptographic
applications), and it is hard to predict what optimizations future
compiler versions will add. There's ongoing work [2] to test on
unreleased development snapshots of GCC and Clang, which would make it
possible to catch similar cases earlier in the future.

[1]: https://github.com/bitcoin-core/secp256k1/pull/1303
[2]: https://github.com/bitcoin-core/secp256k1/pull/1313
Author Public Key
npub1cmt6gqyfw3sdngkq0wadtpe3kmgyyeld6ad0g2h5tar3kpzcrmpqddwkls