Skip to content

Investigate side channels in key handling for example  #42

Description

@amiller

The elliptic curve code used for secp256k1 signing is quite clearly not written in to be constant time. This almost certainly undermines the security goals in key manager, but it would be nice to address this as part of a more comprehensive effort to document and manage side channels
https://github.com/flashbots/andromeda-sirrah-contracts/blob/main/src/crypto/EllipticCurve.sol#L155

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingdocumentationImprovements or additions to documentation

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions