bitcoin/include
Gregory Maxwell d2275795ff Add scalar blinding and a secp256k1_context_randomize() call.
This computes (n-b)G + bG with random value b, in place of nG in ecmult_gen() for signing.

This is intended to reduce exposure to potential power/EMI sidechannels during signing and pubkey generation by blinding the secret value with another value which is hopefully unknown to the attacker.

It may not be very helpful if the attacker is able to observe the setup or if even the scalar addition has an unacceptable leak, but it has low overhead in any case and the security should be purely additive on top of the existing defenses against sidechannels.
2015-04-22 19:25:16 +00:00
secp256k1.h Add scalar blinding and a secp256k1_context_randomize() call. 2015-04-22 19:25:16 +00:00
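
The identity behind the commit message above, (n-b)G + bG = nG, checked on the real secp256k1 parameters. This is an added example in Python, not code from the library (which is C); `BlindedGen`, `randomize` and the helper functions are hypothetical names. The textbook double-and-add used here is not constant time, so the block shows only the algebra of the blinding, including the cases n = b and n = 2b.

```python
import secrets

# secp256k1 domain parameters (public curve constants).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # P + (-P) = infinity
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt=G):
    """Textbook double-and-add. Not constant time: for checking results only."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

class BlindedGen:
    """Hypothetical stand-in for a context that holds the blinding value b."""
    def __init__(self):
        self.randomize()

    def randomize(self, b=None):
        # Fresh random b in [1, N-1] unless one is supplied; bG is computed once, at setup.
        self.b = b % N if b is not None else secrets.randbelow(N - 1) + 1
        self.bG = mul(self.b)

    def ecmult_gen(self, n):
        # (n-b)G + bG: the scalar driving the multiplication is n-b, not the secret n.
        return add(mul((n - self.b) % N), self.bG)

if __name__ == "__main__":
    ctx, n = BlindedGen(), secrets.randbelow(N - 1) + 1
    assert ctx.ecmult_gen(n) == mul(n)
    print("blinded and unblinded results match")
```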