[openssl-dev] curve25519

Aaron Jones aaronmdjones at gmail.com
Sun Jun 21 14:53:50 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 20/06/15 23:24, Mehdi Sotoodeh wrote:
> [...] Major features of this library include: [...] *
> Constant-time (partially) and blinding support for side channel
> security.

I really have to question the wisdom of adding implementations
of Curve25519 and/or Ed25519 that are not completely constant-
time.

Almost the entire design goal was to produce a scheme that does
not perform branches on secret data (branch predictor timing
attack), load from secret addresses (cache timing attack), etc.

Adding blinding support only serves to (attempt to) correct the
mistake of introducing timing attacks in the first place.

-- 
Aaron Jones

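To make the distinction the message draws concrete, here is an added example written for this page; it is not code from Mehdi Sotoodeh's library or from OpenSSL. It shows the two leaks named above side by side with their branch-free counterparts: a conditional swap of the kind a Montgomery ladder does on every scalar bit, once as a branch on the secret bit and once as a mask, and a secret-indexed table read that touches every entry instead of loading from a secret address. The ten-limb field-element layout and all function names are assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Field elements are modelled as ten 32-bit limbs, as in common 32-bit
 * X25519 reference code; the exact packing is irrelevant here
 * (assumption for illustration only). */
#define NLIMBS 10

/* LEAKY: `swap` is derived from a secret scalar bit, so this `if` is a
 * branch on secret data. Branch-predictor state and the instruction
 * cache then differ per bit, which is exactly the timing leak the
 * constant-time design rules out. */
void cswap_leaky(int32_t a[NLIMBS], int32_t b[NLIMBS], unsigned swap)
{
    if (swap) {
        for (size_t i = 0; i < NLIMBS; i++) {
            int32_t t = a[i];
            a[i] = b[i];
            b[i] = t;
        }
    }
}

/* CONSTANT-TIME: widen the bit into an all-zeros or all-ones mask and
 * perform the same loads, stores and XORs whether or not we swap. This
 * is the cswap a Montgomery ladder runs between ladder steps. */
void cswap_ct(int32_t a[NLIMBS], int32_t b[NLIMBS], unsigned swap)
{
    int32_t mask = -(int32_t)(swap & 1u);   /* 0 or 0xFFFFFFFF */
    for (size_t i = 0; i < NLIMBS; i++) {
        int32_t x = mask & (a[i] ^ b[i]);
        a[i] ^= x;
        b[i] ^= x;
    }
}

/* Secret-indexed table read (e.g. a precomputed-point table used by a
 * fixed-base scalar multiplication) done without loading from a secret
 * address: every entry is read and a mask keeps only the wanted one,
 * so the cache sees the same access pattern for every index.
 * `table` is a flat array of nentries * NLIMBS limbs. */
void table_select_ct(int32_t out[NLIMBS], const int32_t *table,
                     size_t nentries, size_t secret_idx)
{
    memset(out, 0, NLIMBS * sizeof out[0]);
    for (size_t j = 0; j < nentries; j++) {
        /* eq == 1 iff j == secret_idx, computed with no branch:
         * d | -d has its top bit set for every 32-bit d except 0. */
        uint32_t d    = (uint32_t)j ^ (uint32_t)secret_idx;
        uint32_t eq   = ((d | (0u - d)) >> 31) ^ 1u;
        int32_t  mask = -(int32_t)eq;
        for (size_t i = 0; i < NLIMBS; i++)
            out[i] |= mask & table[j * NLIMBS + i];
    }
}

/* Self-check: the constant-time swap agrees with the branchy one for
 * both values of `swap`, and the masked table read returns the
 * requested entry. Returns 1 on success, 0 on failure. */
int ct_selftest(void)
{
    int32_t a[NLIMBS], b[NLIMBS], a2[NLIMBS], b2[NLIMBS];
    int32_t table[4 * NLIMBS], out[NLIMBS];

    for (size_t i = 0; i < NLIMBS; i++) {
        a[i] = a2[i] = (int32_t)(i + 1);
        b[i] = b2[i] = (int32_t)(100 * (i + 1));
    }
    cswap_ct(a, b, 1);
    cswap_leaky(a2, b2, 1);
    if (memcmp(a, a2, sizeof a) != 0 || memcmp(b, b2, sizeof b) != 0) return 0;
    if (a[0] != 100 || b[NLIMBS - 1] != NLIMBS) return 0;

    cswap_ct(a, b, 0);                     /* swap bit clear: no change */
    cswap_leaky(a2, b2, 0);
    if (memcmp(a, a2, sizeof a) != 0 || a[0] != 100) return 0;

    for (size_t j = 0; j < 4; j++)
        for (size_t i = 0; i < NLIMBS; i++)
            table[j * NLIMBS + i] = (int32_t)(1000 * j + i);
    table_select_ct(out, table, 4, 2);
    return memcmp(out, table + 2 * NLIMBS, sizeof out) == 0;
}
```

Two practical caveats: an optimising compiler is free to turn the mask idiom back into a branch, so the generated assembly of the hot path should be inspected rather than assumed; and blinding the scalar changes which secret bits are being leaked on a given run but does not remove the secret-dependent branch or load itself, which is the point the message makes.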
