You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My understanding is that we're concerned that any function over the secret-key (or something derived from it), must take time independent of the input value. Here are possible issues I see
scalarmult takes time in e, and in publickey()e is a function of sk, not sure if this is a concern (it's a function of the magnitude of e, which may not correlate with an individual value)
In encodepoint (as called from publickey()), y >> i is probably not timing independent, it's time is a function of the magnitude of y.
In publickey and signature2 ** i * bit(h, i) takes time in the magnitude of the bit from h (h is computed from the sha256 of sk, so perhaps it can't be reversed?)
Those are what I have for now, more review is definitely needed.
The text was updated successfully, but these errors were encountered:
My understanding is that we're concerned that any function over the secret-key (or something derived from it), must take time independent of the input value. Here are possible issues I see
scalarmulttakes time ine, and inpublickey()eis a function ofsk, not sure if this is a concern (it's a function of the magnitude ofe, which may not correlate with an individual value)encodepoint(as called frompublickey()),y >> iis probably not timing independent, it's time is a function of the magnitude ofy.publickeyandsignature2 ** i * bit(h, i)takes time in the magnitude of the bit fromh(his computed from thesha256ofsk, so perhaps it can't be reversed?)Those are what I have for now, more review is definitely needed.
The text was updated successfully, but these errors were encountered: