-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Simon Josefsson wrote:
> What threat model wrt side-channels are you assuming? There are
> many side-channel failure modes of ECDSA that have been successfully
> attacked, and implementing it correctly is Hard. At the least, I
> suggest to make sure that your implementation is constant-time or at
> least that different timing cannot be correlated with the private
> key. Hiding private-key influence in power fluctuations is more
> challenging, although I recall some presentations about some methods
> presented by INRIA folks at ECC 2015. People have also attacked
> ECDSA by finding flaws in the bignum library that leaks private-key
> bits for certain rare inputs, so you want to be certain that the
> bignum library you use produce correct results for all inputs (no
> general purpose bignum library comes with such proofs/guarantees as
> far as I know).

There is a new, good paper by Lange and DJB that among other things describes side channel problems related to NIST's EC curves (and that similar issues can be avoided using 25519):

https://cr.yp.to/newelliptic/nistecc-20160106.pdf

Main focus is on typical SW issues. Well worth a read through for HW implementation too, imho.

-- 
Kind regards, Yours
Joachim Strömbergson - Always in harmonic oscillation.
========================================================================
Joachim Strömbergson                       Secworks AB
joac...@secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJWmN9dAAoJEF3cfFQkIuyNArsP/iyJaIqU3cS0SQTaHtbeD1SN
mSCNGNB1Z/4UcOKEBbLDH2faE75xBgDgBFCGt0mEnLggGoAkzPV8AKLnDlPAc6Bd
EsMbRHx4rIFajeVp0YmXvMbc4HJFEdurt2QoCrxJiBqMOX3C4JY6gKPcZhHVCc5E
UDTYw68/umj2IIzSXksKPxWNSkrKmomTsBRPuBtqoKPO0HwjTDa3Jnq/DEf3cB32
GC3NM8NLypCjd9V5IYhN2nSG8E3tIh8VnwxAnhax7QkmgtQntT2odS0I3p0Y6rv9
jVgGU2j62dRC+5KJevWr5ez0hM4mFasba6H0GoYxYyBy099Qo95IqjJAx6C6nKmu
wdUzvowHiWWg3wxM6jFqAM2tjHJwjHmH9yumHummsmxhkFlFPzChoZhhKzOEHdK4
DlsmpwV+to/KKOpS2UhPTCkBYh0Bp6o1SwJ5I168NZYbyXa2iZ18Ja5qHEUrs6Gh
InKKjelNOix6zR+48GaThqDKttALx0AfGLlXmPSWFC2mjIeUf6PvjpLHazpH6f3D
bPE90WkOBg4yS4v0JmGrfpJzjFd7qB2+5Fa90XalaQsZ8cm7K5792k23CgP+Wgtj
aSYJu7wkiJ+BVV+cjbVMGLOV0ppqVWAHaI+z1YNx5aq28zNpz9iWA/aEAB2BKDa2
ZZBpX6K8nQ9W6sAOjyY0
=Sdsd
-----END PGP SIGNATURE-----
_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech
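The quoted advice above (make the scalar multiplication constant-time so that timing cannot be correlated with the private key) is illustrated by the following added example. It is not code from this thread or from the Cryptech project: it uses a deliberately simple stand-in group (integers modulo a hypothetical prime TOY_P under addition, with a constructed generator) so that the structural point is visible without real curve arithmetic. The key-dependent "if" in the double-and-add version makes the number of group operations depend on the Hamming weight of the scalar, while the Montgomery ladder with a branch-free conditional swap performs the same operation sequence for every scalar.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical toy group: integers modulo TOY_P under addition, so
 * "scalar multiplication" k*G is just (k mod TOY_P) * G mod TOY_P.
 * The ladder below is written exactly as it would be for an EC group;
 * only group_add would change for a real curve. */
#define TOY_P 1000000007ULL

/* Counts group operations so the two schedules can be compared. */
static unsigned long g_add_calls;

/* Branch-free modular add: both inputs are < TOY_P, so the sum fits
 * in 31 bits and the reduction mask can be derived arithmetically. */
static uint64_t group_add(uint64_t a, uint64_t b) {
    uint64_t s = a + b;
    uint64_t m = (uint64_t)0 - ((TOY_P - 1 - s) >> 63); /* all ones iff s >= TOY_P */
    g_add_calls++;
    return s - (TOY_P & m);
}

/* Left-to-right double-and-add with a branch on every key bit:
 * work done (and hence timing) tracks the Hamming weight of k. */
static uint64_t scalar_mul_branchy(uint64_t k, uint64_t g) {
    uint64_t r = 0;
    for (int i = 63; i >= 0; i--) {
        r = group_add(r, r);            /* double */
        if ((k >> i) & 1)               /* secret-dependent branch */
            r = group_add(r, g);        /* add */
    }
    return r;
}

/* Constant-time conditional swap: swaps *a and *b iff bit == 1,
 * using a mask instead of a branch or a secret-indexed load. */
static void ct_cswap(uint64_t *a, uint64_t *b, uint64_t bit) {
    uint64_t mask = (uint64_t)0 - (bit & 1);
    uint64_t t = (*a ^ *b) & mask;
    *a ^= t;
    *b ^= t;
}

/* Montgomery ladder: invariant r1 == r0 + g after every iteration,
 * and every iteration performs exactly one add and one double
 * regardless of the key bit, so the schedule is key-independent. */
static uint64_t scalar_mul_ladder(uint64_t k, uint64_t g) {
    uint64_t r0 = 0, r1 = g;
    for (int i = 63; i >= 0; i--) {
        uint64_t bit = (k >> i) & 1;
        ct_cswap(&r0, &r1, bit);
        r1 = group_add(r0, r1);
        r0 = group_add(r0, r0);
        ct_cswap(&r0, &r1, bit);
    }
    return r0;
}

/* Reference result computed directly; used to check both routines.
 * Product fits in 64 bits because both factors are below 2^30. */
static uint64_t scalar_mul_reference(uint64_t k, uint64_t g) {
    return ((k % TOY_P) * (g % TOY_P)) % TOY_P;
}

/* Runs f(k, g) and returns how many group operations it performed. */
static unsigned long count_group_adds(uint64_t (*f)(uint64_t, uint64_t),
                                      uint64_t k, uint64_t g) {
    g_add_calls = 0;
    (void)f(k, g);
    return g_add_calls;
}

int main(void) {
    /* Constructed scalars: low Hamming weight vs. all bits set. */
    uint64_t light = 1, heavy = ~0ULL, g = 5;
    printf("branchy: %lu ops for k=1, %lu ops for k=2^64-1\n",
           count_group_adds(scalar_mul_branchy, light, g),
           count_group_adds(scalar_mul_branchy, heavy, g));
    printf("ladder:  %lu ops for k=1, %lu ops for k=2^64-1\n",
           count_group_adds(scalar_mul_ladder, light, g),
           count_group_adds(scalar_mul_ladder, heavy, g));
    return 0;
}
```

The operation count is a coarse proxy for what a timing or power trace would expose; a real review also has to check that the compiler did not turn the mask arithmetic back into a branch and that group_add itself (the bignum layer the quoted message warns about) is correct for every input.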