What threat model wrt side-channels are you assuming? There are many side-channel failure modes of ECDSA that have been successfully attacked, and implementing it correctly is Hard. At the least, I suggest to make sure that your implementation is constant-time or at least that different timing cannot be correlated with the private key. Hiding private-key influence in power fluctuations is more challenging, although I recall some presentations about some methods presented by INRIA folks at ECC 2015. People have also attacked ECDSA by finding flaws in the bignum library that leaks private-key bits for certain rare inputs, so you want to be certain that the bignum library you use produce correct results for all inputs (no general purpose bignum library comes with such proofs/guarantees as far as I know).
/Simon
signature.asc
Description: PGP signature
_______________________________________________ Tech mailing list Tech@cryptech.is https://lists.cryptech.is/listinfo/tech
