Closed vikramrajkumar closed 7 years ago
From @bytemaster on July 3, 2015 19:09
This deserves some major brownie pts, pmconrad, please post a BTS account name.
From @pmconrad on July 3, 2015 20:00
Well, since I coded some of it I don't feel like I really deserve it, but... please send them to "pmc", and thanks!
From @arhag on July 3, 2015 20:45
Wait, libsecp256k1 supports deterministic signing.
Derandomized DSA (via RFC6979 or with a caller-provided function).
Here is RFC6979 by the way: https://tools.ietf.org/html/rfc6979
So is that extra entropy necessary at all or is it just an optional bonus? I don't understand why context_randomize should be necessary at all?
Edit: Apparently, this (https://github.com/bitcoin/secp256k1/commit/d2275795ff22a6f4738869f5528fbbb61738aa48) is why it is needed. It is to "reduce exposure to potential power/EMI sidechannels". Crazy stuff. Of course, it isn't a threat at all if the attacker isn't physically near the signing device.
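For reference, the deterministic nonce derivation that RFC 6979 specifies (and that libsecp256k1 uses by default) is short enough to show in full. The example below is added here and is not code from this issue or from libsecp256k1; it implements the HMAC-SHA256 variant of RFC 6979 section 3.2 for the secp256k1 group order, taking an already-hashed message. It removes the signer's dependence on an RNG for the nonce; it does nothing about the power/EMI side channel that context_randomize is meant to blind, which is why the two are separate features.

```python
import hashlib
import hmac

# Order of the secp256k1 group, the curve libsecp256k1 implements.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
QLEN = 256  # bit length of the group order (qlen in RFC 6979)


def _bits2int(b: bytes, qlen: int = QLEN) -> int:
    """RFC 6979 2.3.2: read bytes big-endian, keep only the leftmost qlen bits."""
    v = int.from_bytes(b, "big")
    blen = len(b) * 8
    return v >> (blen - qlen) if blen > qlen else v


def _int2octets(x: int, qlen: int = QLEN) -> bytes:
    """RFC 6979 2.3.3: fixed-width big-endian encoding of x."""
    return x.to_bytes((qlen + 7) // 8, "big")


def _bits2octets(b: bytes, q: int = SECP256K1_N) -> bytes:
    """RFC 6979 2.3.4: bits2int, reduce modulo q, then int2octets."""
    return _int2octets(_bits2int(b) % q)


def rfc6979_nonce(priv: int, msg_hash: bytes, q: int = SECP256K1_N) -> int:
    """Derive the ECDSA nonce k per RFC 6979 3.2 with HMAC-SHA256.

    priv is the private scalar x, msg_hash is h1 = H(message) as raw bytes.
    The same (x, h1) always yields the same k, so no RNG is consulted.
    """
    hlen = 32
    v = b"\x01" * hlen                      # step b
    k = b"\x00" * hlen                      # step c
    seed = _int2octets(priv) + _bits2octets(msg_hash, q)
    k = hmac.new(k, v + b"\x00" + seed, hashlib.sha256).digest()  # step d
    v = hmac.new(k, v, hashlib.sha256).digest()                   # step e
    k = hmac.new(k, v + b"\x01" + seed, hashlib.sha256).digest()  # step f
    v = hmac.new(k, v, hashlib.sha256).digest()                   # step g
    while True:                             # step h
        t = b""
        while len(t) * 8 < QLEN:
            v = hmac.new(k, v, hashlib.sha256).digest()
            t += v
        candidate = _bits2int(t)
        if 1 <= candidate < q:
            return candidate
        # Candidate out of range: advance the generator and try again (h.3).
        k = hmac.new(k, v + b"\x00", hashlib.sha256).digest()
        v = hmac.new(k, v, hashlib.sha256).digest()
```

Because the derivation is generic in the group order, passing the P-256 order instead of SECP256K1_N lets you check it against the P-256/SHA-256 vectors in Appendix A.2.5 of the RFC.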
From @theoreticalbts on January 8, 2016 20:21
@bytemaster what is the status of this ticket? Is this a real problem, or can I close it?
Too unclear
From @pmconrad on July 3, 2015 14:58
I stumbled across this https://github.com/bitcoin/secp256k1/pull/254#issuecomment-118074138 :
Apparently we need to call context_randomize regularly (for signing), with proper synchronization.
Copied from original issue: cryptonomex/graphene#131