Skip to content
  1. Aug 14, 2018
  2. Aug 11, 2018
  3. Aug 10, 2018
  4. Aug 07, 2018
  5. Aug 01, 2018
  6. Jul 26, 2018
  7. Jul 25, 2018
  8. Jul 23, 2018
  9. Jul 22, 2018
  10. Jul 13, 2018
  11. Jul 03, 2018
  12. Jun 28, 2018
  13. Jun 25, 2018
  14. Jun 24, 2018
  15. Jun 21, 2018
  16. Jun 19, 2018
  17. Jun 18, 2018
  18. Jun 13, 2018
    • Matt Caswell's avatar
      Add blinding to an ECDSA signature · 949ff366
      Matt Caswell authored
      
      
      Keegan Ryan (NCC Group) has demonstrated a side channel attack on an
      ECDSA signature operation. During signing the signer calculates:
      
      s:= k^-1 * (m + r * priv_key) mod order
      
      The addition operation above provides a sufficient signal for a
      flush+reload attack to derive the private key given sufficient signature
      operations.
      
      As a mitigation (based on a suggestion from Keegan) we add blinding to
      the operation so that:
      
      s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order
      
      Since this attack is a localhost side channel only no CVE is assigned.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      949ff366
  19. Jun 12, 2018
  20. Jun 09, 2018
  21. Jun 02, 2018