-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Review for timing attacks #11
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
My understanding is that we're concerned that any function over the secret-key (or something derived from it), must take time independent of the input value. Here are possible issues I see
scalarmult
takes time ine
, and inpublickey()
e
is a function ofsk
, not sure if this is a concern (it's a function of the magnitude ofe
, which may not correlate with an individual value)encodepoint
(as called frompublickey()
),y >> i
is probably not timing independent, it's time is a function of the magnitude ofy
.publickey
andsignature
2 ** i * bit(h, i)
takes time in the magnitude of the bit fromh
(h
is computed from thesha256
ofsk
, so perhaps it can't be reversed?)Those are what I have for now, more review is definitely needed.
The text was updated successfully, but these errors were encountered: