bnb-chain / tss-lib

Threshold Signature Scheme, for ECDSA and EDDSA
MIT License

crypto lib not constant-time #111

Closed 0xmountaintop closed 3 years ago

0xmountaintop commented 3 years ago

are not constant-time.

omershlo commented 3 years ago

Hi Chris! There is a broader question here of what is the impact of side-channels in MPC. This question was not explored enough in the literature. Understandably, it is better to make a best effort to keep constant time when possible. However, in the specific 3 functions you provided - all of them are verification functions which run on public inputs anyway and are therefore not required to be constant time.

0xmountaintop commented 3 years ago

> Hi Chris! There is a broader question here of what is the impact of side-channels in MPC. This question was not explored enough in the literature. Understandably, it is better to make a best effort to keep constant time when possible. However, in the specific 3 functions you provided - all of them are verification functions which run on public inputs anyway and are therefore not required to be constant time.

I see. Thanks for your clarification!
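
The distinction drawn in the reply above (verification over public inputs versus operations that depend on a secret), as an added Go example that is not tss-lib code and not from either commenter. The hash commitment, the HMAC tag check and every function name are illustrative assumptions chosen to show where variable-time comparison is acceptable and where it is not.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// hashOpening computes SHA-256(nonce || value) without aliasing the inputs.
func hashOpening(nonce, value []byte) [32]byte {
	return sha256.Sum256(append(append([]byte{}, nonce...), value...))
}

// Commit hides value behind a fresh random nonce (hypothetical helper).
func Commit(value []byte) ([32]byte, []byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return [32]byte{}, nil, err
	}
	return hashOpening(nonce, value), nonce, nil
}

// VerifyOpening runs after the opening is broadcast: commitment, nonce and
// value are all public, so a variable-time comparison leaks nothing new.
func VerifyOpening(c [32]byte, nonce, value []byte) bool {
	h := hashOpening(nonce, value)
	return bytes.Equal(h[:], c[:])
}

// Tag derives an HMAC-SHA256 tag from a secret key.
func Tag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// CheckTag compares against a value derived from a secret, so the comparison
// must not exit early on the first mismatching byte.
func CheckTag(key, msg, tag []byte) bool {
	return subtle.ConstantTimeCompare(Tag(key, msg), tag) == 1
}

func main() {
	c, nonce, _ := Commit([]byte("constructed sample value"))
	fmt.Println(VerifyOpening(c, nonce, []byte("constructed sample value")))
	fmt.Println(CheckTag([]byte("constructed key"), []byte("m"), []byte("bad")))
}
```

When auditing for timing leaks, the question to ask of each comparison or big-integer operation is whether any operand is secret at the moment it runs, not whether the function sits in a cryptographic package.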