Re: Blinding implementation in OpenSSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> > Could you please explain how blinding works in OpenSSL?
> >
> > EC_KEY structure seems to have an unblinded private key structure and
> > blinded X, Y, Z- coordinates of the public key when blinding is in
> > use. But if I understand correctly, he idea of blinding is protecting
> > the private key from extracting from memory/swap/etc? Am I wrong?
>
> No, blinding is done during the private key operations to "randomize"
> the computations so timing and other side channels do not leak the
> private key. The private key itself is not modified.

Dmitry is correct in that coordinate blinding and scalar blinding are
different things. The question seems to be why doesn't OpenSSL do
coordinate blinding. (Hoping I'm not interpreting too much.)

BBB



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux