Closed infokiller closed 4 years ago
The implementation in python-shamir-mnemonic is intended for reference purposes and, for example, to generate test vectors. The trezor-firmware version is aimed at a more secure, albeit less legible implementation. One important example of this is the `interpolate` function, which uses a table of discrete logarithms in the reference implementation, https://github.com/trezor/python-shamir-mnemonic/blob/master/shamir_mnemonic/__init__.py#L132. In comparison, trezor-firmware uses a C implementation of this function, https://github.com/trezor/trezor-firmware/blob/master/crypto/shamir.c, which is more resilient against side channel leakage.
I am sure some of the functions from the reference implementation could be reused in trezor-firmware, but I am not sure it's worth the trouble. Perhaps something to consider as part of https://github.com/trezor/trezor-firmware/issues/407.
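To illustrate the side-channel point in the comment above, here is an added example (not part of the thread, and not code from python-shamir-mnemonic or trezor-firmware) contrasting a log-table GF(2^8) multiply, whose branches and memory indices depend on the secret operands, with a branch-free shift-and-add multiply. The field polynomial 0x11B, the generator 3 and all function names are assumptions made for this sketch, and it does not describe how `shamir.c` itself is written.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: GF(2^8) reduced by x^8+x^4+x^3+x+1 (0x11B), generator x+1 (3). */
static uint8_t gf_exp[255], gf_log[256];

/* Constant-time at source level: fixed 8 rounds, masks instead of branches,
   and no array index derived from a or b. */
uint8_t gf_mul_ct(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (int i = 0; i < 8; i++) {
        r ^= (uint8_t)(-(b & 1)) & a;             /* add a when low bit of b is set */
        uint8_t hi = (uint8_t)(-(a >> 7));        /* 0xFF when a's top bit is set */
        a = (uint8_t)((uint8_t)(a << 1) ^ (hi & 0x1B)); /* a *= x, then reduce */
        b >>= 1;
    }
    return r;
}

/* Build exp/log tables from public values only. */
void gf_build_tables(void) {
    uint8_t x = 1;
    for (int i = 0; i < 255; i++) {
        gf_exp[i] = x;
        gf_log[x] = (uint8_t)i;
        x = gf_mul_ct(x, 3);
    }
}

/* Table-based multiply: compact, but leaks through timing and cache state. */
uint8_t gf_mul_table(uint8_t a, uint8_t b) {
    if (a == 0 || b == 0) return 0;                /* secret-dependent branch */
    return gf_exp[(gf_log[a] + gf_log[b]) % 255];  /* secret-dependent indices */
}

/* Check that both multiplies agree on every operand pair. */
int gf_count_mismatches(void) {
    int bad = 0;
    gf_build_tables();
    for (int a = 0; a < 256; a++)
        for (int b = 0; b < 256; b++)
            bad += gf_mul_table((uint8_t)a, (uint8_t)b) != gf_mul_ct((uint8_t)a, (uint8_t)b);
    return bad;
}

int main(void) {
    printf("mismatches: %d\n", gf_count_mismatches());
    return 0;
}
```

Both functions compute the same product; only the second avoids secret-dependent control flow and memory access, and the compiled output still needs checking because an optimizer can reintroduce branches.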
Thanks for the quick response! Other than the lack of memory obfuscation/protection and side channel leakage, are you aware of any other vulnerabilities in the reference implementation (related to #17)?
> Other than the lack of memory obfuscation/protection and side channel leakage, are you aware of any other vulnerabilities in the reference implementation (related to #17)?
I don't recall anything else.
Hey,
Looking at trezor-firmware, I see a parallel implementation. I assume some of the code can't be shared because of the different computing environments assumed, but it seems there's currently no code sharing at all. Why is that?
Thanks