Author: Pieter Wuille 2014-03-05 12:56:05
Published on: 2014-03-05T12:56:05+00:00
In an email conversation between Mike Hearn and Pieter on March 5, 2014, Hearn expressed his lack of awareness regarding any efforts to make OpenSSL's secp256k1 implementation fully side-channel free. He also expressed concern that even if OpenSSL gets fixed, the custom implementations likely won't be fixed. Furthermore, Pieter noted that there seemed to be little effort in preventing timing attacks based on the implementation. This exchange highlights potential vulnerabilities in OpenSSL's implementation of ECDSA and the need for continued efforts to address these issues.
Updated on: 2023-05-19T18:12:56.463049+00:00