[curves] Summary of ECC 2015 Workshop

Gregory Maxwell gmaxwell at gmail.com
Thu Oct 1 14:25:21 PDT 2015

On Thu, Oct 1, 2015 at 5:48 PM, Trevor Perrin <trevp at trevp.net> wrote:
> Great report by Steven Galbraith on last week's workshop (plus a panel
> transcript!), and link to the slides.  Lots of good reading:
> https://ellipticnews.wordpress.com/2015/10/01/ecc-2015-bordeaux-france-september-28-30-2015/

"Peter Schwabe gave a stimulating talk about the problem of using
automated tools to prove the correctness and security of crypto
software. He demonstrated how the valgrind profiling tool can be used
on real crypto code, but emphasised that such tools create a massive
overhead for software developers."

I'm interested in this: in libsecp256k1 in the past we've used
valgrind by setting secret data to 'uninitialized' with the memcheck
macros and then valgrind whines about conditional branches on the
secret data. This is far from complete, but not bad automated backstop
on boneheaded mistakes. I'm wondering if it was just something like
this, or something somewhat more advanced?

In theory valgrind could be instrumented to catch any leak-prone
operations on secret data this way... but creating a new valgrind
checker is a somewhat daunting prospect.
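As an added illustration of the memcheck trick described in the mail above (this is example code written for this page, not code from the mail, from libsecp256k1 or from Peter Schwabe's talk), the following C file marks a secret buffer as uninitialised with the valgrind client requests, compares it against an attacker-controlled value with a leaky early-exit routine and with a constant-time one, and declassifies the result before anything branches on it. The helper names (secret_mark, secret_declassify, vt_memeq, ct_memeq, check_compare, self_check) and the sample inputs are assumptions made here; the fallback no-op macros only exist so the file also builds where the valgrind headers are absent. Run it as `valgrind --track-origins=yes ./a.out`: the constant-time path stays quiet, the variable-time path makes memcheck report "Conditional jump or move depends on uninitialised value(s)".

```c
/* Added example: flag branches on secret data with valgrind memcheck.
 * Not from the original mail or from libsecp256k1. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fall back to no-op macros where the valgrind headers are not installed;
 * the checks only take effect when the binary runs under valgrind anyway. */
#if defined(__has_include)
#  if __has_include(<valgrind/memcheck.h>)
#    include <valgrind/memcheck.h>
#    define HAVE_MEMCHECK_H 1
#  endif
#endif
#ifndef HAVE_MEMCHECK_H
#  define VALGRIND_MAKE_MEM_UNDEFINED(p, n) ((void)0)
#  define VALGRIND_MAKE_MEM_DEFINED(p, n)   ((void)0)
#endif

/* Mark a buffer as "secret": memcheck then treats it as uninitialised and
 * reports any conditional jump (or memory index) that depends on it. */
static void secret_mark(const void *p, size_t n) {
    VALGRIND_MAKE_MEM_UNDEFINED((void *)p, n);
}

/* Declassify a value that is public by design (e.g. a comparison result)
 * so the caller may branch on it without a report. */
static void secret_declassify(const void *p, size_t n) {
    VALGRIND_MAKE_MEM_DEFINED((void *)p, n);
}

/* Leaky version (the kind of mistake the backstop catches): returns at the
 * first differing byte, so the branch depends on secret bytes. */
int vt_memeq(const uint8_t *a, const uint8_t *b, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) return 0;
    }
    return 1;
}

/* Constant-time version: neither control flow nor addresses depend on data. */
int ct_memeq(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    /* Collapse to 0/1 without a branch: (diff - 1) >> 8 has bit 0 set
     * exactly when diff == 0 (unsigned wrap-around). */
    return (int)(((unsigned)diff - 1u) >> 8) & 1;
}

/* Compare a secret key against a public guess under the memcheck treatment
 * and return the (declassified) result. */
int check_compare(int (*cmp)(const uint8_t *, const uint8_t *, size_t),
                  const uint8_t *key, const uint8_t *guess, size_t n) {
    secret_mark(key, n);             /* key is secret; guess is attacker-known */
    int r = cmp(key, guess, n);
    secret_declassify(&r, sizeof r); /* the equal/not-equal outcome is public */
    return r;
}

/* Self-check on constructed inputs: both versions must agree on the result;
 * the difference between them is only visible under valgrind. */
int self_check(void) {
    uint8_t key[32], same[32], diff[32];
    memset(key, 0x5a, sizeof key);   /* constructed sample key */
    memcpy(same, key, sizeof key);
    memcpy(diff, key, sizeof key);
    diff[7] ^= 1;                    /* one-bit difference in the guess */
    return check_compare(ct_memeq, key, same, 32) == 1 &&
           check_compare(ct_memeq, key, diff, 32) == 0 &&
           check_compare(vt_memeq, key, same, 32) == 1 &&
           check_compare(vt_memeq, key, diff, 32) == 0;
}

int main(void) {
    printf("results consistent: %s\n", self_check() ? "yes" : "no");
    return self_check() ? 0 : 1;
}
```

Only the comparison result is declassified, never the key itself; if a routine needs to branch on something derived from the secret, the declassify call is the place where a reviewer will see that decision made explicit.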
