[Bitcoin-development] New side channel attack that can recover Bitcoin keys

Pieter Wuille pieter.wuille at gmail.com
Wed Mar 5 12:56:05 UTC 2014


On Wed, Mar 5, 2014 at 1:49 PM, Mike Hearn <mike at plan99.net> wrote:
> I am not currently aware of any efforts to make OpenSSL's secp256k1
> implementation completely side channel free in all aspects. Also,
> unfortunately many people have reimplemented ECDSA themselves and even if
> OpenSSL gets fixed, the custom implementations probably won't.

As far as I know, judging from the implementation, there is hardly any
effort to try to prevent timing attacks.

-- 
Pieter



