Bitcoin Forum
December 02, 2016, 10:37:19 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Mental note: ensure EC crypto is not susceptible to side channel attacks  (Read 1056 times)
Mike Hearn
Legendary
*
expert
Offline Offline

Activity: 1526


View Profile
February 25, 2011, 10:18:36 AM
 #1

For people working on mobile clients:

   http://threatpost.com/en_us/blogs/attack-can-extract-crypto-keys-mobile-device-signals-021611

OpenSSL has apparently been balanced to try and avoid this type of attack. I don't know about crypto++ or Bouncy Castle.
1480718239
Hero Member
*
Offline Offline

Posts: 1480718239

View Profile Personal Message (Offline)

Ignore
1480718239
Reply with quote  #2

1480718239
Report to moderator
1480718239
Hero Member
*
Offline Offline

Posts: 1480718239

View Profile Personal Message (Offline)

Ignore
1480718239
Reply with quote  #2

1480718239
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480718239
Hero Member
*
Offline Offline

Posts: 1480718239

View Profile Personal Message (Offline)

Ignore
1480718239
Reply with quote  #2

1480718239
Report to moderator
0x6763
Guest

February 25, 2011, 02:49:24 PM
 #2

I suspect Bouncy Castle doesn't, or at least I didn't see any comments about it in the Bouncy Castle source code yet.  I've mostly only looked at the EC code, though.  What does OpenSSL do to try to avoid this type of attack?
Mike Hearn
Legendary
*
expert
Offline Offline

Activity: 1526


View Profile
February 25, 2011, 03:38:15 PM
 #3

All operations are constant time. I don't know if you have to do more than that to be safe from power/rf analysis too.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!