trezor / python-shamir-mnemonic

MIT License

Why is the code not shared with trezor firmware? #23

Closed infokiller closed 4 years ago

infokiller commented 4 years ago

Hey,

Looking at trezor-firmware, I see a parallel implementation. I assume some of the code can't be shared because of the different computing environments assumed, but it seems there's currently no code sharing at all. Why is that?

Thanks

andrewkozlik commented 4 years ago

The implementation in python-shamir-mnemonic is intended for reference purposes and, for example, to generate test vectors. The trezor-firmware version is aimed at a more secure, albeit less legible implementation. One important example of this is the interpolate function, which uses a table of discrete logarithms in the reference implementation, https://github.com/trezor/python-shamir-mnemonic/blob/master/shamir_mnemonic/__init__.py#L132. In comparison, trezor-firmware uses a C implementation of this function, https://github.com/trezor/trezor-firmware/blob/master/crypto/shamir.c, which is more resilient against side channel leakage.

I am sure some of the functions from the reference implementation could be reused in trezor-firmware, but I am not sure it's worth the trouble. Perhaps something to consider as part of https://github.com/trezor/trezor-firmware/issues/407.
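An added example, not part of the thread and not code from either repository: the GF(256) multiplication that interpolation is built on, once with discrete-logarithm tables (memory indexed by secret bytes) and once written without secret-dependent branches or lookups. The function names are illustrative; the field is the Rijndael field that SLIP-39 specifies.

```c
#include <stdint.h>
#include <stdio.h>

/* GF(256), Rijndael polynomial 0x11B, generator x+1 (0x03): the SLIP-39 field.
   All names below are illustrative, not taken from either repository. */
static uint8_t EXP[255], LOG[256];

static void build_tables(void) {
    unsigned p = 1;
    for (int i = 0; i < 255; i++) {
        EXP[i] = (uint8_t)p;
        LOG[p] = (uint8_t)i;
        p = (p << 1) ^ p;            /* multiply by x+1 */
        if (p & 0x100) p ^= 0x11B;   /* reduce modulo the field polynomial */
    }
}

/* Table-based multiply: indexes memory by the operands and branches on zero,
   so cache state and timing can depend on secret share bytes. */
static uint8_t gf_mul_table(uint8_t a, uint8_t b) {
    if (a == 0 || b == 0) return 0;
    return EXP[(LOG[a] + LOG[b]) % 255];
}

/* Table-free multiply: fixed 8 iterations, masks instead of branches,
   no memory access that depends on a or b. */
static uint8_t gf_mul_ct(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (int i = 0; i < 8; i++, b >>= 1) {
        r ^= (uint8_t)(a & (uint8_t)-(b & 1));   /* add a if low bit of b is set */
        uint8_t hi = (uint8_t)-(a >> 7);          /* 0xFF if the shift overflows */
        a = (uint8_t)((a << 1) ^ (hi & 0x1B));    /* a *= x, reduced */
    }
    return r;
}

/* Exhaustively compare both multipliers; returns the number of mismatches. */
static int count_mismatches(void) {
    int bad = 0;
    build_tables();
    for (int a = 0; a < 256; a++)
        for (int b = 0; b < 256; b++)
            bad += gf_mul_table((uint8_t)a, (uint8_t)b) != gf_mul_ct((uint8_t)a, (uint8_t)b);
    return bad;
}

int main(void) {
    printf("mismatches: %d\n", count_mismatches());
    return 0;
}
```

Both functions compute the same product for all 65,536 operand pairs; a compiler can still reintroduce branches, so production code should be checked at the assembly level.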

infokiller commented 4 years ago

Thanks for the quick response! Other than the lack of memory obfuscation/protection and side channel leakage, are you aware of any other vulnerabilities in the reference implementation (related to #17)?

andrewkozlik commented 4 years ago

> Other than the lack of memory obfuscation/protection and side channel leakage, are you aware of any other vulnerabilities in the reference implementation (related to #17)?

I don't recall anything else.