On 20/06/15 23:24, Mehdi Sotoodeh wrote:
> [...] Major features of this library include: [...]
> * Constant-time (partially) and blinding support for side channel
> security.

I really have to question the wisdom of adding implementations of Curve25519 and/or Ed25519 that are not completely constant-time. The almost entire design goal was to produce a scheme that does not perform branches on secret data (branch predictor timing attack), load from secret addresses (cache timing attack), etc etc. Adding blinding support only serves to (attempt to) correct the mistake of introducing timing attacks in the first place.

-- 
Aaron Jones
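The two properties named above (no branches on secret data, no memory accesses at secret-dependent addresses) are what "completely constant-time" means in practice for a Curve25519 ladder or an Ed25519 table lookup. The following is an added C example, not code from this thread, from the library being announced, or from OpenSSL; it places the branchy swap beside its masked, constant-time form, adds a masked table read and a constant-time comparison, and checks them against the plain versions. The 5-limb field-element layout and all test values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field elements are modelled as 5 x 64-bit limbs (a constructed stand-in
 * for the 5x51 radix several Curve25519 implementations use). */
#define LIMBS 5

/* Branchy swap: a different instruction stream runs depending on the
 * secret bit, which is what branch-predictor and timing measurements
 * observe. Shown only as the pattern the thread objects to. */
void cswap_branchy(uint64_t a[LIMBS], uint64_t b[LIMBS], unsigned bit)
{
    if (bit) {
        for (int i = 0; i < LIMBS; i++) {
            uint64_t t = a[i]; a[i] = b[i]; b[i] = t;
        }
    }
}

/* Constant-time swap: the secret bit becomes an all-ones / all-zeros mask
 * and the same loads, XORs and stores execute either way. This is the
 * building block of a constant-time Montgomery ladder. */
void cswap_ct(uint64_t a[LIMBS], uint64_t b[LIMBS], unsigned bit)
{
    uint64_t mask = 0 - (uint64_t)(bit & 1u);
    for (int i = 0; i < LIMBS; i++) {
        uint64_t x = (a[i] ^ b[i]) & mask;
        a[i] ^= x;
        b[i] ^= x;
    }
}

/* Constant-time table read: every entry is touched and the wanted one is
 * selected by masking, so the address pattern does not depend on the
 * secret index (cache-timing countermeasure for precomputed tables). */
void ct_lookup(uint64_t out[LIMBS], const uint64_t table[][LIMBS],
               size_t n, size_t secret_idx)
{
    memset(out, 0, LIMBS * sizeof(uint64_t));
    for (size_t i = 0; i < n; i++) {
        uint64_t diff = (uint64_t)i ^ (uint64_t)secret_idx;
        /* eq is 1 iff diff == 0, derived without a branch */
        uint64_t eq = ((diff - 1) & ~diff) >> 63;
        uint64_t mask = 0 - eq;
        for (int j = 0; j < LIMBS; j++)
            out[j] |= table[i][j] & mask;
    }
}

/* Constant-time buffer equality: no early exit on the first mismatching
 * byte. Returns 1 if equal, 0 otherwise. */
int ct_memeq(const uint8_t *x, const uint8_t *y, size_t len)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= x[i] ^ y[i];
    return (int)((((uint32_t)acc - 1u) >> 8) & 1u);   /* 1 iff acc == 0 */
}

/* Returns 0 when the constant-time primitives agree with the plain
 * versions on constructed inputs, otherwise the number of failures. */
int ct_selftest(void)
{
    int failures = 0;
    uint64_t a[LIMBS] = {1, 2, 3, 4, 5}, b[LIMBS] = {6, 7, 8, 9, 10};
    uint64_t a2[LIMBS], b2[LIMBS];
    memcpy(a2, a, sizeof a);
    memcpy(b2, b, sizeof b);

    cswap_branchy(a, b, 1);
    cswap_ct(a2, b2, 1);
    if (memcmp(a, a2, sizeof a) || memcmp(b, b2, sizeof b)) failures++;

    cswap_ct(a2, b2, 0);              /* bit clear: contents unchanged */
    if (memcmp(a, a2, sizeof a)) failures++;

    static const uint64_t table[4][LIMBS] = {
        {10, 0, 0, 0, 0}, {20, 0, 0, 0, 0}, {30, 0, 0, 0, 0}, {40, 0, 0, 0, 0}
    };
    uint64_t out[LIMBS];
    ct_lookup(out, table, 4, 2);
    if (out[0] != 30) failures++;

    const uint8_t k1[4] = {1, 2, 3, 4}, k2[4] = {1, 2, 3, 5};
    if (ct_memeq(k1, k1, 4) != 1 || ct_memeq(k1, k2, 4) != 0) failures++;
    return failures;
}

int main(void)
{
    printf("constant-time self-test: %s\n", ct_selftest() == 0 ? "ok" : "FAILED");
    return 0;
}
```

The functional check only shows the masked versions compute the same result; it says nothing about timing. Whether the compiler preserved the branch-free form has to be confirmed on the generated assembly (or with a tool that measures timing variance across inputs), which is why "partially constant-time" is hard to reason about and why blinding added afterwards does not substitute for getting the primitive right.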
