Differential D5384

Remove secret-dependant non-constant time operation in ecmult_const.
ClosedPublic
Actions

Authored by deadalnix on Feb 29 2020, 16:56.

Tags

None

Subscribers

None

Details

Reviewers

Group Reviewers

Restricted Project

Commits

rSTAGINGe0772f4181f9: Remove secret-dependant non-constant time operation in ecmult_const.
rABCe0772f4181f9: Remove secret-dependant non-constant time operation in ecmult_const.

Summary

Remove secret-dependant non-constant time operation in ecmult_const.

ECMULT_CONST_TABLE_GET_GE was branching on its secret input.

Also makes secp256k1_gej_double_var implemented as a wrapper
on secp256k1_gej_double_nonzero instead of the other way
around. This wasn't a constant time bug but it was fragile
and could easily become one in the future if the double_var
algorithm is changed.

Clarify comments about use of rzr on ge functions and abs function.

This is a backport of secp256k1 PR709

Test Plan

ninja check-secp256k1

Diff Detail

Repository

rABC Bitcoin ABC

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

deadalnix created this revision.Feb 29 2020, 16:56

Herald added a reviewer: Restricted Project. · View Herald TranscriptFeb 29 2020, 16:56

Build Bitcoin-ABC / Diffs / Diff Testing started.

Build Bitcoin-ABC / Diffs / Diff Testing passed.

Harbormaster completed remote builds in B9665: Diff 16663.Feb 29 2020, 17:07

Fabien accepted this revision.Mar 2 2020, 08:05

This revision is now accepted and ready to land.Mar 2 2020, 08:05

Closed by commit rABCe0772f4181f9: Remove secret-dependant non-constant time operation in ecmult_const. (authored by Gregory Maxwell <greg@xiph.org>, committed by deadalnix). · Explain WhyMar 2 2020, 15:35

This revision was automatically updated to reflect the committed changes.

deadalnix added a commit: rABCe0772f4181f9: Remove secret-dependant non-constant time operation in ecmult_const..

deadalnix added a commit: rSTAGINGe0772f4181f9: Remove secret-dependant non-constant time operation in ecmult_const..Apr 7 2020, 23:11

Revision Contents
Changeset List

Path

Size

src/

secp256k1/

src/

ecmult_const_impl.h

9 lines

11 lines

55 lines

tests_exhaustive.c

2 lines

1 line

Diff 16693

src/secp256k1/src/ecmult_const_impl.h

Loading...

src/secp256k1/src/group.h

Loading...

src/secp256k1/src/group_impl.h

Loading...

src/secp256k1/src/tests_exhaustive.c

Loading...

src/secp256k1/src/util.h

Loading...