Open amiller opened 5 months ago
The elliptic curve code used for secp256k1 signing is quite clearly not written to be constant time. This almost certainly undermines the security goals in key manager, but it would be nice to address this as part of a more comprehensive effort to document and manage side channels. https://github.com/flashbots/andromeda-sirrah-contracts/blob/main/src/crypto/EllipticCurve.sol#L155