Hello, We'd like to announce the release of version 0.3.2 of libsecp256k1:
https://github.com/bitcoin-core/secp256k1/releases/tag/v0.3.2 This is a bugfix release after 0.3.1. The impetus for this release is the discovery that GCC 13 became smart enough to optimize out a specific timing side-channel protection mechanism in the ECDH code that could leave applications vulnerable to a side-channel attack. This has been fixed in 0.3.2 [1]. For the full changelog, see https://github.com/bitcoin-core/secp256k1/blob/master/CHANGELOG.md We strongly recommend any users of the library to upgrade if their code may end up being compiled with GCC >=13. Bitcoin Core is not affected because it does not use libsecp256k1's ECDH module. Note: The underlying side-channel issue is very similar to the issue that lead to the previous 0.3.1 release. Unfortunately, there is no generic way to prevent compilers from "optimizing" code by adding secret-dependent branches (which are undesired in cryptographic applications), and it is hard to predict what optimizations future compiler versions will add. There's ongoing work [2] to test on unreleased development snapshots of GCC and Clang, which would make it possible to catch similar cases earlier in the future. [1]: https://github.com/bitcoin-core/secp256k1/pull/1303 [2]: https://github.com/bitcoin-core/secp256k1/pull/1313 _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
