Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/ecdsa: use variable time ScalarBaseMult/ScalarMult in Verify #71297

Open
rolandshoemaker opened this issue Jan 16, 2025 · 1 comment
Open

crypto/ecdsa: use variable time ScalarBaseMult/ScalarMult in Verify #71297

rolandshoemaker opened this issue Jan 16, 2025 · 1 comment
Labels
Implementation Issues describing a semantics-preserving change to the Go implementation. NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Performance
Milestone
Backlog

Comments

@rolandshoemaker
Copy link
Member

We're leaving some perf on the table by doing these operations in constant time. We should use a variable time scalar mult, similar to what we do for crypto/ed25519:

go/src/crypto/internal/fips140/ed25519/ed25519.go

Line 335 in 1a93e4a

R := (&edwards25519.Point{}).VarTimeDoubleScalarBaseMult(k, minusA, S)

cc @FiloSottile
@gabyhelp
Copy link

Related Code Changes

(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)

@gabyhelp gabyhelp added the Implementation Issues describing a semantics-preserving change to the Go implementation. label Jan 16, 2025
@mknyszek mknyszek added this to the Backlog milestone Jan 17, 2025
@mknyszek mknyszek added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Jan 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Implementation Issues describing a semantics-preserving change to the Go implementation. NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Performance
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
3 participants
@mknyszek @rolandshoemaker @gabyhelp