RUSTSEC-2019-0027

Flaw in Scalar::check_overflow allows side-channel timing attack

Issued
Package
libsecp256k1 (crates.io)
Type
Vulnerability
Categories
  • crypto-failure
Aliases
Patched
  • >=0.3.1
Keywords
  • crypto
  • sidechannel
Affected Functions
  • libsecp256k1::Scalar::check_overflow (versions <0.3.1)

Description

Versions of libsecp256k1 prior to 0.3.1 did not execute Scalar::check_overflow in constant time.

This potentially allows an attacker to extract information via a timing attack.

The flaw was corrected by modifying Scalar::check_overflow to execute in constant time.
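The description above states the shape of the defect without showing it. The following is an added example, not code from the libsecp256k1 crate: a scalar overflow check written the way such checks are commonly (and wrongly) written, with an early exit as soon as a limb differs from the group order, next to a constant-time version that always touches every limb. The limb layout (8 little-endian u32 limbs, limb 0 least significant) and the function names are assumptions made for this example; the secp256k1 group order n is the real constant. The variable-time version returns how many limbs it inspected, which stands in for execution time and is the quantity a timing attack measures.

```rust
// Added example (not libsecp256k1's own code): a variable-time scalar
// overflow check beside a constant-time one, over the secp256k1 group order.
//
// Assumed representation for this example: 8 little-endian u32 limbs,
// limb 0 least significant. "Overflow" means the scalar is >= n.

/// secp256k1 group order n, as little-endian u32 limbs.
pub const N: [u32; 8] = [
    0xD036_4141, 0xBFD2_5E8C, 0xAF48_A03B, 0xBAAE_DCE6,
    0xFFFF_FFFE, 0xFFFF_FFFF, 0xFFFF_FFFF, 0xFFFF_FFFF,
];

/// Variable-time check: scans from the most significant limb and returns
/// as soon as a limb differs from n. Returns (overflow, limbs_inspected);
/// the second value models execution time and depends on the secret input.
pub fn vt_check_overflow(a: &[u32; 8]) -> (bool, usize) {
    let mut inspected = 0;
    for i in (0..8).rev() {
        inspected += 1;
        if a[i] > N[i] {
            return (true, inspected);
        }
        if a[i] < N[i] {
            return (false, inspected);
        }
    }
    (true, inspected) // a == n, which also overflows
}

/// Constant-time check: computes a - n across all limbs with borrow
/// propagation, using only arithmetic so that no branch depends on a.
/// a >= n exactly when the final subtraction produces no borrow.
pub fn ct_check_overflow(a: &[u32; 8]) -> bool {
    let mut borrow: u64 = 0;
    for i in 0..8 {
        // Widen to u64: an underflow wraps and sets bit 63 of the result,
        // so the borrow for the next limb is just that bit.
        let t = (a[i] as u64).wrapping_sub(N[i] as u64).wrapping_sub(borrow);
        borrow = t >> 63;
    }
    borrow == 0
}

/// n - 1: the largest scalar that does not overflow.
pub fn n_minus_one() -> [u32; 8] {
    let mut a = N;
    a[0] -= 1; // N[0] is nonzero, so no borrow into higher limbs
    a
}

fn main() {
    let zero = [0u32; 8];
    let max = [u32::MAX; 8];
    for (name, s) in [("0", zero), ("n-1", n_minus_one()), ("n", N), ("2^256-1", max)] {
        let (vt, steps) = vt_check_overflow(&s);
        println!(
            "{name:>8}: vt={vt} after {steps} limbs, ct={}",
            ct_check_overflow(&s)
        );
    }
}
```

Both functions return the same answer on every input; only the variable-time one reveals, through its step count, how many leading limbs of the scalar match n. Note that Rust gives no language-level guarantee that a comparison compiles to branch-free code, so production constant-time code usually goes through a crate such as `subtle` or otherwise inspects the generated assembly rather than trusting source-level intent.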
