supranational / blst

Multilingual BLS12-381 signature library
Apache License 2.0

ec_mult.h: add minimal countermeasure against power-monitoring attack. #192

Closed dot-asm closed 1 year ago

dot-asm commented 1 year ago

It's argued that [batches of] multiplications by zero can be discerned by monitoring the power and possibly even electromagnetic radiation. Since [otherwise constant-time] operations on infinity points perform batches of multiplications by zero, they could be used to identify sequences of zero bits in the secret key. To minimize the leakage, always pass non-infinity points to point operations and mask the throw-away results.
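The leak described above, as an added illustration that is not blst's code and not the change made in ec_mult.h: a toy Jacobian-coordinate fixed-window multiplication, instrumented to count field multiplications with a zero operand (the pattern a power trace would expose). Assumptions: secp256k1 stands in for BLS12-381 only because its parameters are well known, the infinity point is (1, 1, 0) with Z = 0, and the masked variant blinds the accumulator with G and strips the blinding at the end, which is a simplification chosen here rather than the library's method.

```python
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F   # secp256k1 field
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8, 1)
INF = (1, 1, 0)                  # point at infinity in Jacobian form: Z = 0
ZERO_MULS = [0]                  # field multiplications that had a zero operand

def fmul(a, b):                  # the operation a power trace would single out
    ZERO_MULS[0] += int(a % P == 0 or b % P == 0)
    return a * b % P

def select(flag, a, b):          # masked choice (a if flag else b), no data-dependent branch
    m = -int(bool(flag))         # all-ones mask when flag is set
    return tuple((x & m) | (y & ~m) for x, y in zip(a, b))

def dbl(p):                      # dbl-2009-l for y^2 = x^3 + 7 (a = 0)
    x, y, z = p
    a, b = fmul(x, x), fmul(y, y)
    c, t = fmul(b, b), (x + b) % P
    d = 2 * (fmul(t, t) - a - c) % P
    e = 3 * a % P
    x3 = (fmul(e, e) - 2 * d) % P
    return (x3, (fmul(e, d - x3) - 8 * c) % P, 2 * fmul(y, z) % P)

def add(p, q):                   # add-2007-bl; infinity and p == q handled by masking
    (x1, y1, z1), (x2, y2, z2) = p, q
    z1z1, z2z2 = fmul(z1, z1), fmul(z2, z2)
    u1, u2 = fmul(x1, z2z2), fmul(x2, z1z1)
    s1, s2 = fmul(y1, fmul(z2, z2z2)), fmul(y2, fmul(z1, z1z1))
    h, r = (u2 - u1) % P, 2 * (s2 - s1) % P
    i = fmul(2 * h, 2 * h); j, v = fmul(h, i), fmul(u1, i)
    x3 = (fmul(r, r) - j - 2 * v) % P
    y3 = (fmul(r, v - x3) - 2 * fmul(s1, j)) % P
    z3 = fmul(fmul(z1 + z2, z1 + z2) - z1z1 - z2z2, h)
    res = select(h == 0 and r == 0, dbl(p), (x3, y3, z3))
    return select(z1 == 0, q, select(z2 == 0, p, res))   # Z = 0 means infinity

def windowed_mul(k, masked, nwin=64):   # fixed 4-bit windows over a 256-bit scalar
    tbl = [INF, G, dbl(G)]       # key-independent table 0*G .. 15*G
    for _ in range(13): tbl.append(add(tbl[-1], G))
    ZERO_MULS[0] = 0             # count only the key-dependent part
    acc = G if masked else INF   # masked: blind with G so acc is never infinity
    for i in reversed(range(nwin)):
        w = (k >> (4 * i)) & 15
        for _ in range(4): acc = dbl(acc)
        q = tbl[w or 1] if masked else tbl[w]   # naive: tbl[0] is infinity and leaks
        acc = select(masked and w == 0, acc, add(acc, q))   # mask the throw-away result
    if masked:                   # strip the blinding term 2^(4*nwin) * G
        c = G
        for _ in range(4 * nwin): c = dbl(c)
        acc = add(acc, (c[0], -c[1] % P, c[2]))
    return acc, ZERO_MULS[0]
```

The naive path reports one zero-operand multiplication per doubling of infinity and several per addition of it, so the count rises with the number of zero windows; the masked path reports none for a scalar such as 0x1234.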

dot-asm commented 1 year ago

Merged [after a fuzzing round].