pqc-thunderbird / libgcrypt

GNU General Public License v2.0

"_gcry_consttime_cmov": this could be hardened against Nonce@Once-style attacks. _gcry_mpih_set_cond in mpi/mpih-const-time.c can be used as an example for this (uses two masks and AND/OR instead of a single mask with XOR). #27

Closed falko-strenzke closed 1 year ago
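As an added illustration, not code from libgcrypt or from the issue author, here are the two constant-time conditional-move shapes the issue contrasts, written over a small array of constructed 64-bit limbs: the single-mask XOR form, and the two-mask AND/OR form that _gcry_mpih_set_cond uses and that the issue proposes as the pattern to follow. The function names, the limb type and the sample values are assumptions for this example; both forms compute the same result and touch every limb identically whether the flag is 0 or 1, so the difference between them is purely in how the selection is expressed.

```c
#include <stdint.h>
#include <stddef.h>

typedef uint64_t limb_t;

/* Expand a 0/1 flag to an all-zeros or all-ones limb without a branch. */
limb_t ct_mask(unsigned flag)
{
    return (limb_t)0 - (limb_t)(flag & 1);
}

/* Single-mask form: one mask gates the XOR difference applied to dst. */
void cmov_xor(limb_t *dst, const limb_t *src, size_t n, unsigned flag)
{
    limb_t mask = ct_mask(flag);
    for (size_t i = 0; i < n; i++)
        dst[i] ^= mask & (dst[i] ^ src[i]);
}

/* Two-mask form, the _gcry_mpih_set_cond pattern named in the issue:
 * each operand is gated by its own mask and the two halves are OR-ed. */
void cmov_andor(limb_t *dst, const limb_t *src, size_t n, unsigned flag)
{
    limb_t mask_src = ct_mask(flag);
    limb_t mask_dst = ~mask_src;
    for (size_t i = 0; i < n; i++)
        dst[i] = (dst[i] & mask_dst) | (src[i] & mask_src);
}

/* Self-check on constructed limbs: both forms must agree with a plain
 * (branchy, reference-only) select for flag 0 and flag 1.
 * Returns 1 on success, 0 on the first mismatch. */
int cmov_selftest(void)
{
    const limb_t a[2] = { 0x0123456789abcdefULL, 0xfedcba9876543210ULL };
    const limb_t b[2] = { 0xdeadbeefcafef00dULL, 0x0000000000000001ULL };
    for (unsigned flag = 0; flag < 2; flag++) {
        limb_t x[2] = { a[0], a[1] }, y[2] = { a[0], a[1] };
        cmov_xor(x, b, 2, flag);
        cmov_andor(y, b, 2, flag);
        for (size_t i = 0; i < 2; i++) {
            limb_t want = flag ? b[i] : a[i];
            if (x[i] != want || y[i] != want)
                return 0;
        }
    }
    return 1;
}
```

Whether the AND/OR form actually buys anything on a given target depends on what the compiler emits for each variant, so the generated assembly should be checked rather than trusting the C source alone.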

falko-strenzke commented 1 year ago

Our code is only addressing constant time, not power / EM attacks.