On Wed, 2 Nov 2022 14:44:30 GMT, Ferenc Rakoczi <d...@openjdk.org> wrote:

>>> ... you only have one chance to measure, so cannot average out noise ...
>> 
>> There are cases that one chance is enough to place an attack.  We normally 
>> don't discuss vulnerability details in public, please send me an email in 
>> private if more details is required.
>> 
>>>  ... than again, you probably have better methods to get to the key than 
>>> trying to measure time.
>> 
>> I may have to agree that better methods may exist.  But better methods do 
>> not imply that we can let this method go.
>
>> > ... you only have one chance to measure, so cannot average out noise ...
>> 
>> There are cases that one chance is enough to place an attack. We normally 
>> don't discuss vulnerability details in public, please send me an email in 
>> private if more details is required.
>> 
>> > ... than again, you probably have better methods to get to the key than 
>> > trying to measure time.
>> 
>> I may have to agree that better methods may exist. But better methods do not 
>> imply that we can let this method go.
> 
> Well, I doubt this would be one of those cases you have in mind...
> Your method of computing the inverse looks good to me, but I still think that 
> if we can achieve a better result with an existing general method then we 
> should do that instead of writing special ones for every curve. 
> I think there is a risk in having more code, too.

@ferakocz Did you have further comment?  What do you think if we integrate the 
update?

-------------

PR: https://git.openjdk.org/jdk/pull/10544

Reply via email to