Scalar / Point blinding #186

issue gmaxwell opened this issue on January 11, 2015
  1. gmaxwell commented at 5:13 am on January 11, 2015: contributor

    Constant time, constant memory access operations for secret data should make additional blinding unnecessary. But at least init-time static blinding can be done basically at no cost by baking it into the tables; and may afford some protection against EMI/power side-channels or timing in cases where a compiler has undermined the constant time operation.

    We already do the novel unknown discrete log blinding. I’d held off previously adding more because we didn’t have a hash function (e.g. to generate random unknown points for each table row). But we do now. Peter has also expressed some interest here.

  2. gmaxwell added the label enhancement on Jan 11, 2015
  3. gmaxwell cross-referenced this on Jan 20, 2015 from issue Add scalar blinding for ecmult_gen() by gmaxwell
  4. gmaxwell closed this on Apr 30, 2015
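As an added illustration of the scalar-blinding direction this issue points at (example code written for this page, not libsecp256k1's own, and in pure Python, so it is not constant time): a fixed-base table for G is built once, then a random scalar b is folded in at randomization time so the table walk runs over k-b while the accumulator starts at b*G and the result is still k*G. Assumption: this toy table has no per-row offset point, so entry 0 of each row is the point at infinity, which libsecp256k1's real tables avoid.

```python
import secrets

# secp256k1 parameters (affine coordinates; None is the point at infinity)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):
    """Affine point addition; handles infinity, doubling and p + (-p)."""
    if p is None: return q
    if q is None: return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2:
        if (y1 + y2) % P == 0: return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, p):
    """Reference double-and-add (variable time); used for b*G and for checks."""
    r = None
    for bit in bin(k % N)[2:]:
        r = add(r, r)
        if bit == "1": r = add(r, p)
    return r

class BlindedGen:
    """Fixed-base k*G from 64 rows of 16 precomputed points (4-bit windows).
    rerandomize() draws a scalar b and stores -b and b*G, so each gen() call
    walks the table with k-b, not k, yet still returns k*G."""
    def __init__(self):
        self.table, row_base = [], G            # row_base = 16^j * G
        for _ in range(64):
            row = [None]                         # toy: entry 0 is infinity
            for _ in range(15): row.append(add(row[-1], row_base))
            self.table.append(row)
            for _ in range(4): row_base = add(row_base, row_base)
        self.rerandomize()
    def rerandomize(self, b=None):
        b = secrets.randbelow(N - 1) + 1 if b is None else b % N
        self.blind = (N - b) % N   # added to k before the table walk
        self.initial = mul(b, G)   # accumulator start cancels the blind
    def gen(self, k):
        e, r = (k + self.blind) % N, self.initial
        for j in range(64):
            r = add(r, self.table[j][(e >> (4 * j)) & 15])
        return r
```

Calling rerandomize() again changes which table entries any given k touches without changing gen(k), which is the property that makes re-blinding a cheap periodic operation.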


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-22 17:15 UTC
