commit f6c23104c2f4f98f8696afca5850acf83193aee0
parent 3122544d89d858b7f15e5f23fedd1c77986ccaec
Author: Jared Tobin <jared@jtobin.io>
Date: Sun, 9 Mar 2025 18:44:02 +0400
meta: (non) constant-time note
Diffstat:
1 file changed, 3 insertions(+), 0 deletions(-)
diff --git a/README.md b/README.md
@@ -53,6 +53,9 @@ This library aims at the maximum security achievable in a
garbage-collected language under an optimizing compiler such as GHC, in
which strict constant-timeness can be [challenging to achieve][const].
+Note that *at present* we use GHC's native variable-length Integer type
+internally, and make no guarantees of constant-time execution.
+
If you discover any vulnerabilities, please disclose them via
security@ppad.tech.
