Could anyone give an example of what flaws a secp256k1 implementation needs to have in order to succumb to the fault attack described in this tweet: https://twitter.com/pbarreto/status/392415079934615552 ?
It mentions that an implementation is susceptible "unless the implementation checks everything", but doesn't go into details. I don't understand the fault attacks much, but IIRC it requires a raw point that is not on the curve to enter an incorrectly written algorithm. I don't see where the problematic raw point comes into play.

Regards,
Ondrej
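Added example, not part of the original message: the affine addition and doubling formulas for secp256k1 never use the curve constant 7, so a raw (x, y) pair that fails the curve equation is processed without error unless it is validated first. The names `curve_b`, `is_valid_point`, `checked_mul` and the point `BAD` are constructed for illustration, and the arithmetic is a plain, non-constant-time sketch.

```python
# secp256k1 (SEC 2): y^2 = x^3 + 7 over F_p, base point G of prime order N
P = 2**256 - 2**32 - 977
B = 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
# Constructed sample: G with y shifted by one, so it is NOT on the curve
BAD = (G[0], (G[1] + 1) % P)

def curve_b(pt):
    """Return the b for which pt satisfies y^2 = x^3 + b (mod p)."""
    x, y = pt
    return (y * y - x * x * x) % P

def is_valid_point(pt):
    """Check a raw (x, y) pair before it reaches any curve arithmetic."""
    if pt is None:  # the point at infinity is not an acceptable input
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and curve_b(pt) == B

def add(p1, p2):
    """Affine add/double (None = infinity). Note: B is never used here."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Unchecked double-and-add: accepts any pair, on the curve or not."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def checked_mul(k, pt):
    """Scalar multiplication that refuses points failing validation."""
    if not is_valid_point(pt):
        raise ValueError("point is not on secp256k1")
    return mul(k, pt)
```

`mul(5, BAD)` returns a point that satisfies y^2 = x^3 + b' for the same b' as `BAD`, which is a different curve from secp256k1; `checked_mul` rejects the input before any arithmetic runs.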
