jedisct1 / libhydrogen

A lightweight, secure, easy-to-use crypto library suitable for constrained environments.
https://libhydrogen.org

Mitigations to Fault Attacks on qDSA signing #108

Closed steamraven closed 3 years ago

steamraven commented 3 years ago

In "New Bleichenbacher Records: Fault Attacks on qDSA Signatures" (https://tches.iacr.org/index.php/TCHES/article/view/7278), they mention several countermeasures in section 3.4.

How hard would it be to implement some of these, such as the simplest of multiplying the nonce by the group order? Other mitigations are double loop counters on nonce copy and basepoint copy.

Although, I realize fault attacks may be out of scope for this implementation.

jedisct1 commented 3 years ago

We don't use qDSA.