On Thu, Oct 1, 2015 at 5:48 PM, Trevor Perrin <[email protected]> wrote:
> Great report by Steven Galbraith on last week's workshop (plus a panel
> transcript!), and link to the slides. Lots of good reading:
>
> https://ellipticnews.wordpress.com/2015/10/01/ecc-2015-bordeaux-france-september-28-30-2015/
"Peter Schwabe gave a stimulating talk about the problem of using automated tools to prove the correctness and security of crypto software. He demonstrated how the valgrind profiling tool can be used on real crypto code, but emphasised that such tools create a massive overhead for software developers."

I'm interested in this-- in libsecp256k1 in the past we've used valgrind by setting secret data to 'uninitialized' with the memcheck macros and then valgrind whines about conditional branches on the secret data. This is far from complete, but not a bad automated backstop on boneheaded mistakes.

I'm wondering if it was just something like this, or something somewhat more advanced? In theory valgrind could be instrumented to catch any leak-prone operations on secret data this way... but creating a new valgrind checker is a somewhat daunting prospect.

_______________________________________________
Curves mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/curves
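An added illustration of the memcheck-macro technique described in the message above. This is not code from the thread or from libsecp256k1; the helper names (`mark_secret`, `declassify`, `ct_equal`, `leaky_equal`, `verify_tag`), the sample tag bytes and the no-op fallback used when the valgrind headers are absent are all assumptions of this example. A secret buffer is marked undefined with `VALGRIND_MAKE_MEM_UNDEFINED`; memcheck then reports any conditional jump that depends on those bytes, which catches the early-exit comparison but stays silent for the constant-time one, provided the caller declassifies the final public result before branching on it.

```c
/* Added example: using valgrind memcheck's "undefined memory" tracking as a
 * backstop against secret-dependent branches (constructed for this post). */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifdef __has_include
#  if __has_include(<valgrind/memcheck.h>)
#    include <valgrind/memcheck.h>
#  endif
#endif
/* Assumed fallback: when the valgrind headers are not installed, the client
 * requests become no-ops so the program still builds and behaves normally. */
#ifndef VALGRIND_MAKE_MEM_UNDEFINED
#  define VALGRIND_MAKE_MEM_UNDEFINED(addr, len) ((void)0)
#endif
#ifndef VALGRIND_MAKE_MEM_DEFINED
#  define VALGRIND_MAKE_MEM_DEFINED(addr, len) ((void)0)
#endif

/* Declare a buffer secret: memcheck now treats its bytes as undefined and
 * reports "Conditional jump or move depends on uninitialised value(s)" for
 * any branch (and any memory index) derived from them. */
static void mark_secret(void *p, size_t n) { (void)VALGRIND_MAKE_MEM_UNDEFINED(p, n); }

/* Declassify a value that is intentionally public (e.g. "did the tag match?")
 * so that branching on it is not reported. Only deliberate outputs go here. */
static void declassify(void *p, size_t n) { (void)VALGRIND_MAKE_MEM_DEFINED(p, n); }

/* Variable-time comparison: returns at the first mismatch. The `if` branches
 * on secret bytes, so memcheck flags this function when the inputs are marked. */
static int leaky_equal(const unsigned char *a, const unsigned char *b, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) return 0;
    }
    return 1;
}

/* Constant-time comparison: OR-accumulates differences and turns the result
 * into 0/1 arithmetically, with no branch on secret data. The return value is
 * still "undefined" in memcheck's view, so callers must declassify before using
 * it in a branch. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n) {
    unsigned int d = 0;
    for (size_t i = 0; i < n; i++) d |= (unsigned int)(a[i] ^ b[i]);
    /* d == 0  -> (d - 1) wraps to all ones -> bit 8 set -> 1
     * d  > 0  -> (d - 1) < 256           -> bit 8 clear -> 0 */
    return (int)(1u & ((d - 1u) >> 8));
}

/* Verify a received authentication tag against the expected one.
 * The match/mismatch bit is the intended public output, so it is declassified. */
static int verify_tag(const unsigned char *expected, const unsigned char *received, size_t n) {
    int ok = ct_equal(expected, received, n);
    declassify(&ok, sizeof ok);
    return ok;
}

/* Constructed sample tags (not real keys or MACs). */
#define TAG_LEN 16
static const unsigned char SAMPLE_TAG[TAG_LEN]   = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
static const unsigned char SAMPLE_OTHER[TAG_LEN] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,99};

/* Runs the constant-time path on a copy marked secret. Returns a bitmask:
 * bit 1 = equal tags matched, bit 0 = differing tags matched (should be 0). */
int demo_constant_time(void) {
    unsigned char secret[TAG_LEN];
    memcpy(secret, SAMPLE_TAG, TAG_LEN);
    mark_secret(secret, TAG_LEN);        /* from here on, memcheck tracks it */
    int same = verify_tag(secret, SAMPLE_TAG, TAG_LEN);
    int diff = verify_tag(secret, SAMPLE_OTHER, TAG_LEN);
    return (same << 1) | diff;           /* expected 2: clean under valgrind */
}

/* Same inputs through the early-exit comparison. Functionally identical
 * result, but under valgrind the branch inside leaky_equal is reported. */
int demo_leaky(void) {
    unsigned char secret[TAG_LEN];
    memcpy(secret, SAMPLE_TAG, TAG_LEN);
    mark_secret(secret, TAG_LEN);
    int same = leaky_equal(secret, SAMPLE_TAG, TAG_LEN);
    int diff = leaky_equal(secret, SAMPLE_OTHER, TAG_LEN);
    return (same << 1) | diff;
}

int main(void) {
    printf("constant-time path: %d\n", demo_constant_time());
    printf("variable-time path: %d\n", demo_leaky());
    return 0;
}
```

Build with the valgrind headers present and run `valgrind ./a.out`: the `demo_leaky` call produces a "Conditional jump or move depends on uninitialised value(s)" report pointing at the `if` in `leaky_equal`, while `demo_constant_time` runs clean. As the message notes, this is a backstop rather than a proof: memcheck only sees control flow and addresses, so secret-dependent branches and table lookups are caught, but hardware-level timing variation (for example variable-latency arithmetic) is not, and every `declassify` call is a point a reviewer should check deliberately.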
