On Friday, July 26, 2019 at 12:56:48 AM UTC-4, Jeffrey Walton wrote:
> We received a private email concerning an ECDSA timing attack by Ján Jančár.
>
> We are tracking the report at https://github.com/weidai11/cryptopp/issues/869 .
The leaks on ECP functions Add() and Double() were cleared tonight. They are on my testing branch at the moment, but available at https://github.com/weidai11/cryptopp/pull/871 .

According to Jančár, Multiply() and Exponentiate() are testing good. Wei already used a Montgomery implementation for the speed benefits, so the functions are already mostly hardened.

The last item on the hit list is EC2N. Binary fields will be trickier because they do not get the attention of prime fields. I need to perform some more research.

Jeff
