ECDH not constant time

Bug #2065806 reported by Janus
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| libsecp256k1 (Ubuntu) | New | Undecided | Unassigned | |

Bug Description

https://github.com/bitcoin-core/secp256k1/blob/master/CHANGELOG.md#032---2023-05-13 reports that newer versions of GCC (such as the one used in Ubuntu 24.04 LTS (Noble), which is version 13.2) will optimize away the constant-timeness of the ECDH function. It would be nice to get secp256k1 in Ubuntu updated to v0.3.2 or newer. If it's not possible to do in Noble, it could be done in Ubuntu Oracular.

Objdump reveals that the library is built with ECDH:

    % objdump -TC libsecp256k1.so.1| grep ecdh
    0000000000125cc8 g DO .data.rel.ro 0000000000000008 Base secp256k1_ecdh_hash_function_sha256
    0000000000125cd0 g DO .data.rel.ro 0000000000000008 Base secp256k1_ecdh_hash_function_default
    000000000000ddf0 g DF .text 00000000000010b7 Base secp256k1_ecdh

information type: Private Security → Public
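
The check described in the report, combined into one triage step (an added example, not part of the bug report or of libsecp256k1): it reads `objdump -T` output on stdin, looks for the exported `secp256k1_ecdh` function, and compares the package's upstream version with v0.3.2. The function names and the package version strings are constructed for illustration, and the compiler used for the build is not checked, so a "review" verdict still depends on which GCC built the package.

```shell
#!/bin/sh
# Added triage example; helper names are hypothetical.
# Fixed upstream release, as given in the changelog link in the report.
FIXED_VERSION="0.3.2"

# Return 0 if the `objdump -T` text on stdin exports the secp256k1_ecdh
# function itself (a symbol in .text), not only the hash-function pointers.
exports_ecdh() {
    awk '$NF == "secp256k1_ecdh" && /\.text/ { found = 1 }
         END { exit(found ? 0 : 1) }'
}

# Reduce a Debian/Ubuntu package version to its upstream part:
# drop an "epoch:" prefix and the "-revision" suffix.
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%-*}"
}

# Return 0 if version $1 is strictly older than $2 (needs GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print a verdict for a package version ($1) and objdump -T text (stdin).
triage() {
    up=$(upstream_version "$1")
    if ! exports_ecdh; then
        echo "not-applicable: ECDH module not exported"
    elif version_lt "$up" "$FIXED_VERSION"; then
        echo "review: ECDH exported, upstream $up predates $FIXED_VERSION"
    else
        echo "ok: upstream $up includes the $FIXED_VERSION change"
    fi
}

# Symbol lines as posted in the report; the version strings are constructed.
SAMPLE_SYMS='0000000000125cc8 g DO .data.rel.ro 0000000000000008 Base secp256k1_ecdh_hash_function_sha256
000000000000ddf0 g DF .text 00000000000010b7 Base secp256k1_ecdh'

printf '%s\n' "$SAMPLE_SYMS" | triage "0.2.0-2"
printf '%s\n' "$SAMPLE_SYMS" | triage "1:0.4.1-1ubuntu1"
```

On a real system, pipe `objdump -T` of the installed library into `triage` together with the installed package version.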