On Wed, Mar 5, 2014 at 2:18 PM, Jean-Paul Kogelman <jeanpaulkogel...@me.com> wrote:
>> As far as I know, judging from the implementation, there is hardly any
>> effort to try to prevent timing attacks.
>>
>
> Is it safe to assume that this is also true for your secp256k1 implementation?

I've done some preliminary work on making it leak less, but it's by no means guaranteed to be constant time either (so better assume it is not).

--
Pieter

_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development