From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 5 Jul 2017 14:38:18 -0400
Message-ID: <CAMm+LwiDbjq7nENzvqKGmsQnz=y49nBSVhU0boddtbz3dJAHfw@mail.gmail.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/V1JXfnf05uE88huYaQVKi7iZ6mY>
Subject: [Cfrg] Side channel attack and Edwards curves...

http://thehackernews.com/2017/07/gnupg-libgcrypt-rsa-encryption.html?m=1

Just another side channel attack and not something that bothers me writing
reference code. But have we maybe put our eggs in the Montgomery ladder
basket when maybe we should have gone for 'randomly split the private key
into two parts, perform two separate multiplications with each part and add
the result'.

We can play the blinding game in Edwards or Montgomery but it is easier in
Edwards.

Anyone got code for adding points in compressed Montgomery?
Thoughts?

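The "randomly split the private key into two parts" countermeasure proposed above, worked through on Ed25519 as an added example (this is not code from the original post or from any library). It assumes the point being multiplied lies in the prime-order subgroup (true for the base point), uses the RFC 8032 extended-coordinate addition, and uses a plain double-and-add as the stand-in for the leaky scalar multiplication.

```python
import secrets

# Ed25519 parameters (RFC 8032): field prime, subgroup order L, constant d,
# and the base point B in extended coordinates (X, Y, Z, T) with T = X*Y/Z.
P_MOD = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
D = (-121665 * pow(121666, -1, P_MOD)) % P_MOD
BX = 15112221349535400772501151409588531511454012693041857206046113283949847762202
BY = 46316835694926478169428394003475163141307993866256225615783033603165251855960
B = (BX, BY, 1, BX * BY % P_MOD)

def add(p, q):
    # Unified addition in extended twisted Edwards coordinates (RFC 8032 5.1.4).
    # The formula is complete on Ed25519, so it also doubles when p == q.
    x1, y1, z1, t1 = p
    x2, y2, z2, t2 = q
    a = (y1 - x1) * (y2 - x2) % P_MOD
    b = (y1 + x1) * (y2 + x2) % P_MOD
    c = 2 * t1 * t2 * D % P_MOD
    d = 2 * z1 * z2 % P_MOD
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P_MOD, g * h % P_MOD, f * g % P_MOD, e * h % P_MOD)

def scalar_mul(k, p):
    # Right-to-left double-and-add: the branch on each bit is exactly the kind
    # of secret-dependent behaviour a side channel observes.
    r, q = (0, 1, 1, 0), p
    while k:
        if k & 1:
            r = add(r, q)
        q = add(q, q)
        k >>= 1
    return r

def split_scalar_mul(k, p, k1=None):
    # Blinded form: k = k1 + k2 (mod L) with a fresh random k1, so neither
    # multiplication ever processes the long-term scalar k itself.
    # Requires p to have order L (assumption: prime-order subgroup).
    if k1 is None:
        k1 = secrets.randbelow(L)
    k2 = (k - k1) % L
    return add(scalar_mul(k1, p), scalar_mul(k2, p))

def affine(p):
    x, y, z, _ = p
    zi = pow(z, -1, P_MOD)
    return (x * zi % P_MOD, y * zi % P_MOD)

def same_point(k):
    # True when the blinded and the unblinded computation agree on k*B.
    return affine(scalar_mul(k, B)) == affine(split_scalar_mul(k, B))
```

Each call to split_scalar_mul draws a new split, so two runs with the same k do different arithmetic yet return the same point.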