secp256k1

Pure Haskell Schnorr, ECDSA on the elliptic curve secp256k1 (docs.ppad.tech/secp256k1).
git clone git://git.ppad.tech/secp256k1.git

commit 16dc42c874f7a36f15bd2ee31f3a3a42dff1c8a5
parent 4fff017ccb0717ebe0bf4247beb429469caece1b
Author: Jared Tobin <jared@jtobin.io>
Date:   Sat, 19 Oct 2024 15:55:39 +0400

meta: readme note

Diffstat:
M README.md | 20 +++++++++++---------
M bench/Main.hs | 4 ++--
2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/README.md b/README.md @@ -129,10 +129,10 @@ secret data: std dev 48.99 μs (40.83 μs .. 62.77 μs) ``` -Be aware that integer division modulo the elliptic curve group order, -when benchmarked on its own, does display persistent substantial timing -differences on the order of 2 ns when the inputs are dramatically -different in size: +Integer division modulo the elliptic curve group order, when benchmarked +on its own, does display persistent substantial timing differences on +the order of 2 nanoseconds when the inputs are dramatically different in +size: ``` benchmarking remQ (remainder modulo _CURVE_Q)/remQ 2 @@ -148,11 +148,13 @@ different in size: std dev 882.9 ps (647.8 ps .. 1.317 ns) ``` -Because we don't make "hard" guarantees of constant-time execution, take -reasonable security precautions as appropriate. You shouldn't deploy the -implementations within in any situation where they could easily be used -as an oracle to construct a [timing attack][timea], and you shouldn't -give sophisticated malicious actors [access to your computer][flurl]. +This is likely to be within acceptable limits for all but the most +extreme security requirements, but because we don't make "hard" +guarantees of constant-time execution, take reasonable security +precautions as appropriate. You shouldn't deploy the implementations +within in any situation where they could easily be used as an oracle to +construct a [timing attack][timea], and you shouldn't give sophisticated +malicious actors [access to your computer][flurl]. If you discover any vulnerabilities, please disclose them via security@ppad.tech. diff --git a/bench/Main.hs b/bench/Main.hs 
@@ -28,8 +28,8 @@ main = defaultMain [ remQ :: Benchmark remQ = env setup $ \x -> bgroup "remQ (remainder modulo _CURVE_Q)" [ - bench "remQ (2 ^ 255 - 19)" $ nf S.remQ x - , bench "remQ 2 " $ nf S.remQ 2 + bench "remQ 2 " $ nf S.remQ 2 + , bench "remQ (2 ^ 255 - 19)" $ nf S.remQ x ] where setup = pure . S.parse_int256 $ B16.decodeLenient
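Review bot: in the first README hunk (@@ -129), the rewritten paragraph still leaves "dramatically different in size" unquantified, while the benchmark it introduces compares `remQ 2` against `remQ (2 ^ 255 - 19)` (see the bench/Main.hs hunk). Naming those two inputs in the sentence, e.g. "when the inputs differ dramatically in size (2 versus 2^255 - 19)", would let a reader connect the 2 nanosecond figure to the measurements printed directly below it. Dropping "Be aware that" also removes the one cue that this paragraph is a caveat rather than a neutral description; keeping it, or an equivalent signal, reads better given the warning that follows in the next hunk.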
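Review bot: in the second README hunk (@@ -148), the added claim "likely to be within acceptable limits for all but the most extreme security requirements" is stronger than the evidence on the page supports: the only measurement shown is a local benchmark of two inputs, and a timing difference of a couple of nanoseconds that depends on operand size is the kind of signal an attacker can amplify by averaging over many observations, which is exactly the oracle scenario the following sentence warns about. Suggest softening to something like "This difference is small, but because we don't make "hard" guarantees of constant-time execution, take reasonable security precautions as appropriate." so the paragraph does not first reassure and then warn. Minor, carried over from the old text: "the implementations within in any situation" is hard to parse; "the implementations in this library in any situation" is clearer.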
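Review bot: the commit message ("meta: readme note") does not mention this change to bench/Main.hs; either note the benchmark reordering in the message or split it into its own commit, since the README output in the first hunk lists `remQ 2` before the large input and this hunk is what makes the benchmark order match it. Style: `"remQ 2 "` keeps a trailing space in the benchmark name, presumably for column alignment in the benchmark output, while `"remQ (2 ^ 255 - 19)"` has none; if alignment is the intent, a short comment saying so would stop it from being "fixed" later.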