Dear Gregory,

Have you tried FlowTracker? http://cuda.dcc.ufmg.br/flowtracker/

It does something very similar to what you describe at the compiled-code level by using LLVM, and can be used offline as well. Feedback is welcome!

Best,

--
Diego de Freitas Aranha
Institute of Computing - University of Campinas
http://www.ic.unicamp.br/~dfaranha

On Thu, Oct 1, 2015 at 6:25 PM Gregory Maxwell <[email protected]> wrote:
> On Thu, Oct 1, 2015 at 5:48 PM, Trevor Perrin <[email protected]> wrote:
> > Great report by Steven Galbraith on last week's workshop (plus a panel
> > transcript!), and link to the slides. Lots of good reading:
> >
> > https://ellipticnews.wordpress.com/2015/10/01/ecc-2015-bordeaux-france-september-28-30-2015/
>
> "Peter Schwabe gave a stimulating talk about the problem of using
> automated tools to prove the correctness and security of crypto
> software. He demonstrated how the valgrind profiling tool can be used
> on real crypto code, but emphasised that such tools create a massive
> overhead for software developers."
>
> I'm interested in this-- in libsecp256k1 in the past we've used
> valgrind by setting secret data to 'uninitialized' with the memcheck
> macros and then valgrind whines about conditional branches on the
> secret data. This is far from complete, but not a bad automated backstop
> on boneheaded mistakes. I'm wondering if it was just something like
> this, or something somewhat more advanced?
>
> In theory valgrind could be instrumented to catch any leak-prone
> operations on secret data this way... but creating a new valgrind
> checker is a somewhat daunting prospect.
> _______________________________________________
> Curves mailing list
> [email protected]
> https://moderncrypto.org/mailman/listinfo/curves
>
_______________________________________________
Curves mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/curves
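The valgrind memcheck trick Gregory describes in the quoted mail, as an added example that is not part of the thread and not libsecp256k1's code: secret bytes are marked "undefined" with VALGRIND_MAKE_MEM_UNDEFINED, after which memcheck reports any conditional jump that depends on them. The function names (vt_memeq, ct_memeq, check_under_memcheck) and the 32-byte key are this example's own; the valgrind client macros are real, and the program falls back to no-op macros when valgrind's headers are not installed so it still builds and runs.

```c
/*
 * Added example: using valgrind memcheck as a "branch on secret data"
 * detector. Build with `cc -g -O1 ctcheck.c -o ctcheck`, then run
 * `valgrind ./ctcheck`. memcheck prints "Conditional jump or move
 * depends on uninitialised value(s)" inside vt_memeq and stays silent
 * for ct_memeq. Names and the sample key are constructed for this example.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Real client macros when <valgrind/memcheck.h> is present, otherwise
 * no-ops so the same source compiles and runs without valgrind. */
#if defined(__has_include)
#  if __has_include(<valgrind/memcheck.h>)
#    include <valgrind/memcheck.h>
#  endif
#endif
#ifndef VALGRIND_MAKE_MEM_UNDEFINED
#  define VALGRIND_MAKE_MEM_UNDEFINED(addr, len) ((void)0)
#  define VALGRIND_MAKE_MEM_DEFINED(addr, len)   ((void)0)
#endif

/* Variable-time compare: returns on the first mismatch, so the loop's
 * branch condition depends on secret bytes. memcheck flags this. */
int vt_memeq(const uint8_t *a, const uint8_t *b, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) return 0;
    }
    return 1;
}

/* Constant-time compare: folds every difference into one accumulator and
 * derives the result arithmetically, never branching on secret bytes. */
int ct_memeq(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= a[i] ^ b[i];
    /* ((acc - 1) >> 8) & 1 is 1 exactly when acc == 0, with no branch. */
    return (int)((((unsigned)acc - 1U) >> 8) & 1U);
}

/* Marks a constructed 32-byte key as secret, runs both compares against a
 * guess (optionally differing at byte `mismatch_at`; SIZE_MAX = identical),
 * and returns the declassified constant-time result. */
int check_under_memcheck(size_t mismatch_at) {
    uint8_t secret[32], guess[32];
    for (size_t i = 0; i < sizeof secret; i++)
        secret[i] = (uint8_t)(i * 37 + 11);          /* constructed key */
    memcpy(guess, secret, sizeof guess);
    if (mismatch_at < sizeof guess) guess[mismatch_at] ^= 0x01;

    /* From here on memcheck treats the key as uninitialised, i.e. secret. */
    VALGRIND_MAKE_MEM_UNDEFINED(secret, sizeof secret);

    int vt = vt_memeq(secret, guess, sizeof secret);  /* reported by memcheck */
    int ct = ct_memeq(secret, guess, sizeof secret);  /* silent */

    /* Both results are derived from the secret, so branching on them (even
     * inside printf) would itself be reported. Declassify explicitly before
     * letting them reach control flow; this is the deliberate "leak" point. */
    VALGRIND_MAKE_MEM_DEFINED(&vt, sizeof vt);
    VALGRIND_MAKE_MEM_DEFINED(&ct, sizeof ct);
    (void)vt;
    return ct;
}

int main(void) {
    printf("identical keys:  ct_memeq=%d\n", check_under_memcheck(SIZE_MAX));
    printf("byte 5 differs:  ct_memeq=%d\n", check_under_memcheck(5));
    return 0;
}
```

Two practical points follow from running this. First, the explicit VALGRIND_MAKE_MEM_DEFINED step is what separates a real leak from an intended one: the harness decides where secret-derived values may legitimately influence control flow. Second, the check only sees what memcheck tracks (conditional jumps and addresses computed from undefined data), so an instruction whose latency depends on its operands is not caught, which is the "far from complete" caveat in the mail.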
