Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
	helo=mx.sourceforge.net)
	by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <pieter.wuille@gmail.com>) id 1WLCRC-0008Oj-UZ
	for bitcoin-development@lists.sourceforge.net;
	Wed, 05 Mar 2014 14:04:46 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.223.177 as permitted sender)
	client-ip=209.85.223.177; envelope-from=pieter.wuille@gmail.com;
	helo=mail-ie0-f177.google.com; 
Received: from mail-ie0-f177.google.com ([209.85.223.177])
	by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1WLCRC-0000hr-Cd
	for bitcoin-development@lists.sourceforge.net;
	Wed, 05 Mar 2014 14:04:46 +0000
Received: by mail-ie0-f177.google.com with SMTP id rl12so1042908iec.22
	for <bitcoin-development@lists.sourceforge.net>;
	Wed, 05 Mar 2014 06:04:41 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.42.97.193 with SMTP id p1mr4698914icn.32.1394028281060; Wed,
	05 Mar 2014 06:04:41 -0800 (PST)
Received: by 10.50.141.135 with HTTP; Wed, 5 Mar 2014 06:04:41 -0800 (PST)
In-Reply-To: <B8414072-3C87-46BE-82DA-B372927300AA@me.com>
References: <CANEZrP25N7W_MeZin_pyVQP5pC8bt5yqJzTXt_tN1P6kWb5i2w@mail.gmail.com>
	<CAPg+sBgRn_hOVzTRwvtYaLEKmJR9Lfb-WDsA4eh9+FfAv9+Q5Q@mail.gmail.com>
	<B8414072-3C87-46BE-82DA-B372927300AA@me.com>
Date: Wed, 5 Mar 2014 15:04:41 +0100
Message-ID: <CAPg+sBgR1Ycaf5g1TCs7=ok2YSxoNhTJcAFdnO8o4BK47vavWg@mail.gmail.com>
From: Pieter Wuille <pieter.wuille@gmail.com>
To: Jean-Paul Kogelman <jeanpaulkogelman@me.com>
Content-Type: text/plain; charset=ISO-8859-1
X-Spam-Score: -1.6 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	(pieter.wuille[at]gmail.com)
	-0.0 SPF_PASS               SPF: sender matches SPF record
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WLCRC-0000hr-Cd
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] New side channel attack that can recover
 Bitcoin keys
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 05 Mar 2014 14:04:47 -0000

On Wed, Mar 5, 2014 at 2:18 PM, Jean-Paul Kogelman
<jeanpaulkogelman@me.com> wrote:
>> As far as I know, judging from the implementation, there is hardly any
>> effort to try to prevent timing attacks.
>>
>
> Is it safe to assume that this is also true for your secp256k1 implementation?

I've done some preliminary work on making it leak less, but it's by no
means guaranteed to be constant time either (so better assume it is
not).

-- 
Pieter