commit 9940200d92ff96d532ac4460b9f05e6f18f65c9e parent 0f2d7bdd7e67521c7cbbf834421e203d53074fbb Author: Jared Tobin <jared@jtobin.io> Date: Sun, 21 Dec 2025 17:57:19 -0330 lib: improve ecdh ct properties Diffstat:
| M | lib/Crypto/Curve/Secp256k1.hs | | | 8 | ++++---- |
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/Crypto/Curve/Secp256k1.hs b/lib/Crypto/Curve/Secp256k1.hs
@@ -930,10 +930,10 @@ ecdh
 -> Wider -- ^ secret key
 -> Maybe BS.ByteString -- ^ shared secret
 ecdh pub _SECRET = do
- pt <- mul pub _SECRET
- guard (pt /= _CURVE_ZERO)
- case affine pt of
- Affine (C.retr -> x) _ -> pure $! SHA256.hash (unroll32 x)
+ pt@(P _ _ (C.Montgomery -> z)) <- mul pub _SECRET
+ let !(Affine (C.retr -> x) _) = affine pt
+ !result = SHA256.hash (unroll32 x)
+ if CT.decide (C.eq z 0) then Nothing else Just result
 
 -- schnorr --------------------------------------------------------------------
 -- see https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
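Review bot: The strict `let !(Affine (C.retr -> x) _) = affine pt` now evaluates `affine` on the point at infinity (z = 0), a case the removed `guard` used to skip, and nothing in the hunk shows that `affine` and the field inversion it presumably performs are total and branch-free for z = 0; if `affine` special-cases infinity with a distinct result, the bang pattern fails with a pattern-match exception instead of yielding `Nothing`, and if the inversion branches or loops on a zero input the timing gain is lost. Worth confirming against the `affine` definition, which lies outside the hunk. The reordering itself is undocumented: a comment above the `let`, `-- affine coordinates and the hash are computed unconditionally; the z == 0 test is deferred to the end so the infinity case cannot short-circuit`, would record the intent, and the final `CT.decide (C.eq z 0)` deserves a note that it is the single point where the secret-dependent bit is declassified to a `Bool`. The `ecdh` signature begins before the hunk.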