Diffusion Bitcoin ABC e0772f4181f9

Remove secret-dependant non-constant time operation in ecmult_const.
e0772f4181f9
Actions

Tags

None

Subscribers

None

Description

Remove secret-dependant non-constant time operation in ecmult_const.

Summary:

Remove secret-dependant non-constant time operation in ecmult_const.

ECMULT_CONST_TABLE_GET_GE was branching on its secret input.

Also makes secp256k1_gej_double_var implemented as a wrapper
on secp256k1_gej_double_nonzero instead of the other way
around. This wasn't a constant time bug but it was fragile
and could easily become one in the future if the double_var
algorithm is changed.

Clarify comments about use of rzr on ge functions and abs function.

This is a backport of secp256k1 PR709

Test Plan:

ninja check-secp256k1

Reviewers: #bitcoin_abc, Fabien

Reviewed By: #bitcoin_abc, Fabien

Differential Revision: https://reviews.bitcoinabc.org/D5384

Details

Provenance

Gregory Maxwell <greg@xiph.org>	Authored on Jan 8 2020, 14:58
deadalnix	Committed on Mar 2 2020, 15:35
deadalnix	Pushed on Mar 2 2020, 15:35

Reviewer

Restricted Project

Differential Revision

D5384: Remove secret-dependant non-constant time operation in ecmult_const.

Parents

rABCb61e2167a9a2: Preventing compiler optimizations in benchmarks without a memory fence

Branches

Unknown

Tags

Unknown

Event Timeline

deadalnix committed rABCe0772f4181f9: Remove secret-dependant non-constant time operation in ecmult_const. (authored by Gregory Maxwell <greg@xiph.org>).Mar 2 2020, 15:35

deadalnix added an edge: D5384: Remove secret-dependant non-constant time operation in ecmult_const..

Changes (5)

Path

Size

src/

secp256k1/

src/

ecmult_const_impl.h

tests_exhaustive.c

rABCe0772f4181f9

src/secp256k1/src/ecmult_const_impl.h

Loading...

src/secp256k1/src/group.h

Loading...

src/secp256k1/src/group_impl.h

Loading...

src/secp256k1/src/tests_exhaustive.c

Loading...

src/secp256k1/src/util.h

Loading...