Dustin-Ray / capyCRYPT

An experimental high-performance cryptosystem.
MIT License

fix: memory safe curve point multiplication #24

Closed Dustin-Ray closed 1 year ago

Dustin-Ray commented 1 year ago

This library attempts to provide side channel resistance wherever possible. Currently, point multiplication is realized through a Montgomery ladder. This offers robust resistance against branch analysis, but an adversary monitoring memory may still be able to discern the secret key values used in multiplication.

There is a step in the literature which performs dummy operations in memory. Reference to follow. Implementing this feature would lead to curve operations that are both resistant to branch analysis as well as cache timing analysis.

Dustin-Ray commented 1 year ago

These two papers: 1 and 2

both describe a ladder that does not use if/else branches and is thus resistant to cache timing analysis. The method described removes branching statements and conducts 63 fixed operations in a row with no branching. More investigation to follow.
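An added example (not capyCRYPT's own code) of the branch-free ladder described above: the secret bit drives a masked conditional swap rather than an if/else, so every iteration executes the same fixed sequence of operations regardless of the key. The modular-additive group and the toy modulus `P` are assumed stand-ins for curve points, so that `double` and `add` play the roles of point doubling and point addition.

```rust
// Added example, not part of capyCRYPT. The "group" is the additive group
// of integers mod P, a stand-in for curve points: `double` plays the role
// of point doubling and `add` of point addition. The ladder itself does
// not depend on which group is used.
const P: u64 = 1_000_000_007; // constructed toy modulus

#[derive(Clone, Copy, PartialEq, Debug)]
pub struct Elem(pub u64);

impl Elem {
    fn add(self, other: Elem) -> Elem {
        Elem(((self.0 as u128 + other.0 as u128) % P as u128) as u64)
    }
    fn double(self) -> Elem {
        self.add(self)
    }
}

/// Constant-time conditional swap: when `bit` is 1 the values are swapped,
/// when 0 they are left unchanged. No branch depends on `bit`; both
/// locations are always written, so the memory access pattern is the same
/// either way.
#[inline(never)]
pub fn ct_swap(bit: u64, a: &mut Elem, b: &mut Elem) {
    let mask = 0u64.wrapping_sub(bit & 1); // 0x00..00 or 0xFF..FF
    let diff = (a.0 ^ b.0) & mask;
    a.0 ^= diff;
    b.0 ^= diff;
}

/// Montgomery ladder computing `scalar * base`. Every iteration performs
/// exactly the same sequence: swap, add, double, swap. The secret bit only
/// selects which register receives which value, via the mask above.
/// Invariant throughout: r1 == r0 + base.
pub fn ladder(scalar: u64, base: Elem) -> Elem {
    let mut r0 = Elem(0); // group identity
    let mut r1 = base;
    for i in (0..64).rev() {
        let bit = (scalar >> i) & 1;
        ct_swap(bit, &mut r0, &mut r1);
        r1 = r0.add(r1);
        r0 = r0.double();
        ct_swap(bit, &mut r0, &mut r1);
    }
    r0
}
```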

Dustin-Ray commented 1 year ago

page 21

Dustin-Ray commented 1 year ago

Closing this issue as #29 is built out. We may end up with a solution there as we gut the entire curve portion of this library.