Hi Aaron,

Did you look at the text regarding side channel security on the front page? It is located towards the end of the page and I think you missed it. My reasoning is the fact that the goal of constant time is not achievable by software-only approaches. A lot depends on the underlying hardware.
Thanks,
Mehdi

On Sun, Jun 21, 2015 at 7:53 AM, Aaron Jones <[email protected]> wrote:
> On 20/06/15 23:24, Mehdi Sotoodeh wrote:
> > [...] Major features of this library include: [...]
> > * Constant-time (partially) and blinding support for side channel security.
>
> I really have to question the wisdom of adding implementations of Curve25519 and/or Ed25519 that are not completely constant-time.
>
> The almost entire design goal was to produce a scheme that does not perform branches on secret data (branch predictor timing attack), load from secret addresses (cache timing attack), etc etc.
>
> Adding blinding support only serves to (attempt to) correct the mistake of introducing timing attacks in the first place.
>
> --
> Aaron Jones
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
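The two properties Aaron lists (no branches on secret data, no loads from secret addresses) are what a constant-time conditional swap and a constant-time comparison provide; the example below is added for illustration and is not code from this thread or from Mehdi's library. It shows the leaky, branching form of each routine next to its branch-free form; the routine names are assumed.

```c
/* Added example: secret-independent conditional swap (as used in a
 * Montgomery ladder) and constant-time equality, each beside the
 * branching version that leaks through the branch predictor or memcmp. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Leaky: whether the swap happens is visible as a taken/not-taken branch. */
void cswap_branch(uint64_t *a, uint64_t *b, size_t n, uint64_t swap) {
    if (swap) {
        for (size_t i = 0; i < n; i++) { uint64_t t = a[i]; a[i] = b[i]; b[i] = t; }
    }
}

/* Constant-time: the same loads, XORs and stores execute whether or not
 * the swap bit is set; swap (0 or 1) is turned into an all-zero or all-one
 * mask, so no branch and no address ever depends on the secret bit. */
void cswap_ct(uint64_t *a, uint64_t *b, size_t n, uint64_t swap) {
    uint64_t mask = (uint64_t)0 - (swap & 1);
    for (size_t i = 0; i < n; i++) {
        uint64_t d = (a[i] ^ b[i]) & mask;
        a[i] ^= d;
        b[i] ^= d;
    }
}

/* Leaky: memcmp stops at the first differing byte, so timing reveals
 * how long a prefix matched (a classic problem when checking tags). */
int eq_leaky(const uint8_t *x, const uint8_t *y, size_t n) {
    return memcmp(x, y, n) == 0;
}

/* Constant-time: OR every byte difference into one accumulator, then
 * collapse it to 0/1 arithmetically instead of with a data-dependent
 * branch. Note the caveat from the thread: this only removes the
 * software-visible branch; the compiler and hardware still decide
 * whether the emitted instructions are truly time-invariant. */
int eq_ct(const uint8_t *x, const uint8_t *y, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= x[i] ^ y[i];
    /* acc == 0 -> (acc - 1) wraps to all ones -> top bit -> returns 1 */
    return (int)((((uint32_t)acc - 1u) >> 31) & 1u);
}

/* Small driver: run the ladder-style swap on constructed limbs and
 * return a[0] so the outcome can be checked for either value of bit. */
uint64_t cswap_demo(uint64_t bit) {
    uint64_t a[4] = {1, 2, 3, 4}, b[4] = {9, 8, 7, 6};
    cswap_ct(a, b, 4, bit);
    return a[0];
}
```

Compile with optimisation and inspect the assembly: the branch-free versions should contain no conditional jump that depends on the swap bit or the compared bytes.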
