Author: Tim Ruffing 2023-05-14 17:35:38
Published on: 2023-05-14T17:35:38+00:00
The version 0.3.2 of libsecp256k1 has been released. This release comes after the bugfix release of version 0.3.1. The reason for this release is the discovery that GCC 13 had become smart enough to optimize out a specific timing side-channel protection mechanism in the ECDH code, which could leave applications vulnerable to a side-channel attack. This issue has been fixed in version 0.3.2. Users of the library who may end up compiling their code with GCC >=13 are highly recommended to upgrade. However, Bitcoin Core is not affected as it does not use libsecp256k1's ECDH module.The underlying side-channel issue fixed in this release is similar to the problem that led to the previous 0.3.1 release. Unfortunately, there is no generic way to prevent compilers from "optimizing" code by adding secret-dependent branches, which are undesired in cryptographic applications. It is hard to predict what optimizations future compiler versions will add. There is ongoing work to test on unreleased development snapshots of GCC and Clang, which would make it possible to catch similar cases earlier in the future.For a full changelog, please visit https://github.com/bitcoin-core/secp256k1/blob/master/CHANGELOG.md. Links to the pull requests can be found at https://github.com/bitcoin-core/secp256k1/pull/1303 and https://github.com/bitcoin-core/secp256k1/pull/1313.
Updated on: 2023-06-01T16:52:29.872907+00:00