Remove secret-dependant non-constant time operation in ecmult_const.

Description

Summary:

  • Remove secret-dependant non-constant time operation in ecmult_const.

ECMULT_CONST_TABLE_GET_GE was branching on its secret input.

Also makes secp256k1_gej_double_var implemented as a wrapper
on secp256k1_gej_double_nonzero instead of the other way
around. This wasn't a constant time bug but it was fragile
and could easily become one in the future if the double_var
algorithm is changed.

  • Clarify comments about use of rzr on ge functions and abs function.

This is a backport of secp256k1 PR709

Test Plan:

ninja check-secp256k1

Reviewers: #bitcoin_abc, Fabien

Reviewed By: #bitcoin_abc, Fabien

Differential Revision: https://reviews.bitcoinabc.org/D5384
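
To illustrate the class of bug the commit message describes (a table lookup that branches on a secret signed index), here is an added example that is not code from this commit or from libsecp256k1. `toy_point`, `toy_table` and all function names are hypothetical, the table values are constructed, and two's-complement negation of `y` stands in for field negation.

```c
#include <stdint.h>

#define TABLE_SIZE 8 /* toy table indexed by odd n in [-15, 15] via |n| >> 1 */
typedef struct { uint32_t x, y; } toy_point;

/* Constructed sample values, not real curve points. */
static const toy_point toy_table[TABLE_SIZE] = {
    {11, 101}, {13, 103}, {17, 107}, {19, 109},
    {23, 113}, {29, 127}, {31, 131}, {37, 137}
};

/* Leaky reference: branches on the sign of n and loads from a secret index. */
static void table_get_branching(toy_point *r, const toy_point *pre, int32_t n) {
    int32_t abs_n = n < 0 ? -n : n;
    *r = pre[abs_n >> 1];
    if (n < 0) r->y = 0u - r->y;
}

/* Branch-free version: same result, no secret-dependent branch or address. */
static void table_get_ct(toy_point *r, const toy_point *pre, int32_t n) {
    uint32_t un = (uint32_t)n;
    uint32_t sign = 0u - (un >> 31);          /* all-ones iff n < 0 */
    uint32_t idx = ((un + sign) ^ sign) >> 1; /* |n| >> 1 without a branch */
    uint32_t x = 0, y = 0, i;
    for (i = 0; i < TABLE_SIZE; i++) {        /* touch every entry */
        uint32_t diff = i ^ idx;
        uint32_t sel = ((diff | (0u - diff)) >> 31) - 1u; /* all-ones iff i == idx */
        x |= pre[i].x & sel;
        y |= pre[i].y & sel;
    }
    r->x = x;
    r->y = (y ^ sign) - sign;                 /* negate y iff n < 0 */
}

uint32_t ct_x(int32_t n) { toy_point p; table_get_ct(&p, toy_table, n); return p.x; }
uint32_t ct_y(int32_t n) { toy_point p; table_get_ct(&p, toy_table, n); return p.y; }

/* Compare both lookups over every odd n in range; returns number of mismatches. */
int count_mismatches(void) {
    int32_t n; int bad = 0;
    for (n = -15; n <= 15; n += 2) {
        toy_point a, b;
        table_get_branching(&a, toy_table, n);
        table_get_ct(&b, toy_table, n);
        bad += (a.x != b.x) || (a.y != b.y);
    }
    return bad;
}

int main(void) { return count_mismatches(); }
```

A compiler is free to turn mask arithmetic back into branches, so the generated assembly for the target build still needs to be inspected.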

Details

Provenance
Gregory Maxwell <greg@xiph.org> Authored on Jan 8 2020, 14:58
deadalnix Committed on Mar 2 2020, 15:35
deadalnix Pushed on Mar 2 2020, 18:23
Reviewer
Restricted Project
Differential Revision
D5384: Remove secret-dependant non-constant time operation in ecmult_const.
Parents
rSTAGINGb61e2167a9a2: Preventing compiler optimizations in benchmarks without a memory fence
References
tag: phabricator/base/16699