Less Leaky ECDSA signature generation (in master)
NIIBE Yutaka
gniibe at fsij.org
Thu Mar 27 01:06:36 CET 2025
Hello,
I'm working on the task of constant-time (EC)DSA signature generation:
https://dev.gnupg.org/T7519
IIUC, possible important signal sources have been fixed for (EC)DSA
(for both branches of 1.11 and master).
And I continue on ECC improvement in master. For the first improvement,
I realized that runtime checks in ec_mod and its friends could be leaky,
because it depends on how small/big the value is.
Since it is (or can be) a precondition for those routines in the code of
libgcrypt, it can be removed. Since it could be leaky, it's good to be
removed.
Here is a change.
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-mpi-ec-Remove-runtime-check-in-ec_mod.patch
Type: text/x-diff
Size: 4086 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20250327/d03b345c/attachment.patch>
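The point made in the message, that a run-time check on how small or big a value is can leak, shown as an added example; this is not libgcrypt's ec_mod and not the attached patch. All names, the 4-limb little-endian layout and the test modulus are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define NLIMBS 4   /* assumed layout: 256-bit values, little-endian 64-bit limbs */
static const uint64_t P[NLIMBS] = {   /* constructed test modulus: 2^255 - 19 */
    0xFFFFFFFFFFFFFFEDULL, 0xFFFFFFFFFFFFFFFFULL,
    0xFFFFFFFFFFFFFFFFULL, 0x7FFFFFFFFFFFFFFFULL };

/* d = a - p over all limbs; returns the final borrow (1 if a < p).
   The borrow is derived with bit operations, not with a branch. */
static uint64_t sub_borrow(uint64_t *d, const uint64_t *a, const uint64_t *p)
{
    uint64_t borrow = 0;
    for (int i = 0; i < NLIMBS; i++) {
        uint64_t t = a[i] - p[i] - borrow;
        borrow = ((~a[i] & p[i]) | ((~a[i] | p[i]) & t)) >> 63;
        d[i] = t;
    }
    return borrow;
}

/* Leaky: the size check exits at the first differing limb, and the
   subtraction only runs when a >= p, so run time depends on the value. */
void reduce_once_leaky(uint64_t *r, const uint64_t *a, const uint64_t *p)
{
    memcpy(r, a, sizeof(uint64_t) * NLIMBS);
    for (int i = NLIMBS - 1; i >= 0; i--) {
        if (a[i] < p[i]) return;   /* a < p: already reduced */
        if (a[i] > p[i]) break;    /* a > p: needs the subtraction */
    }
    sub_borrow(r, a, p);
}

/* Constant-time: always subtract, then select a or a - p with a mask.
   a < 2p is a precondition for the caller; it is not checked here. */
void reduce_once_ct(uint64_t *r, const uint64_t *a, const uint64_t *p)
{
    uint64_t d[NLIMBS];
    uint64_t keep_a = 0 - sub_borrow(d, a, p);   /* all ones if a < p */
    for (int i = 0; i < NLIMBS; i++)
        r[i] = (a[i] & keep_a) | (d[i] & ~keep_a);
}

/* Reduces a = k (add_p == 0) or a = P + k (add_p != 0, k <= 18 so limb 0
   does not carry); returns 1 if both variants yield k. */
int agree_on(uint64_t k, int add_p)
{
    uint64_t a[NLIMBS] = { k, 0, 0, 0 }, want[NLIMBS] = { k, 0, 0, 0 };
    uint64_t r1[NLIMBS], r2[NLIMBS];
    if (add_p) { memcpy(a, P, sizeof a); a[0] += k; }
    reduce_once_leaky(r1, a, P); reduce_once_ct(r2, a, P);
    return !memcmp(r1, want, sizeof want) && !memcmp(r2, want, sizeof want);
}
int main(void) { return !(agree_on(7, 0) && agree_on(5, 1) && agree_on(0, 1)); }
```

Both variants return the same result; only the second does the same work for every input, which is what matters when the operand is secret.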