[curves] Summary of ECC 2015 Workshop

Diego Aranha dfaranha at gmail.com
Thu Oct 1 14:29:52 PDT 2015

Dear Gregory,

Have you tried FlowTracker?


It does something very similar to what you describe at compiled-code level
by using LLVM, and can be used offline as well.

Feedback is welcome!

Diego de Freitas Aranha
Institute of Computing - University of Campinas

On Thu, Oct 1, 2015 at 6:25 PM Gregory Maxwell <gmaxwell at gmail.com> wrote:

> On Thu, Oct 1, 2015 at 5:48 PM, Trevor Perrin <trevp at trevp.net> wrote:
> > Great report by Steven Galbraith on last week's workshop (plus a panel
> > transcript!), and link to the slides.  Lots of good reading:
> >
> >
> https://ellipticnews.wordpress.com/2015/10/01/ecc-2015-bordeaux-france-september-28-30-2015/
> "Peter Schwabe gave a stimulating talk about the problem of using
> automated tools to prove the correctness and security of crypto
> software. He demonstrated how the valgrind profiling tool can be used
> on real crypto code, but emphasised that such tools create a massive
> overhead for software developers."
> I'm interested in this-- in libsecp256k1 in the past we've used
> valgrind by setting secret data to 'uninitialized'  with the memcheck
> macros and then valgrind whines about conditional branches on the
> secret data. This is far from complete, but not a bad automated backstop
> on boneheaded mistakes. I'm wondering if it was just something like
> this, or something somewhat more advanced?
> In theory valgrind could be instrumented to catch any leak-prone
> operations on secret data this way... but creating a new valgrind
> checker is a somewhat daunting prospect.
> _______________________________________________
> Curves mailing list
> Curves at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/curves
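The valgrind trick Gregory describes, as an added example that is not code from this thread or from libsecp256k1: a secret buffer is handed to memcheck's client-request macro `VALGRIND_MAKE_MEM_UNDEFINED`, so any conditional branch that depends on it is reported as "Conditional jump or move depends on uninitialised value(s)"; the result of the constant-time path is declassified with `VALGRIND_MAKE_MEM_DEFINED` before the caller branches on it. The header check, the no-op fallback when `valgrind/memcheck.h` is not installed, and the 16-byte sample tag are assumptions made for this example.

```c
/* Added example: poisoning secret data for valgrind memcheck, so that a
 * data-dependent branch in a tag comparison is flagged automatically.
 * Assumes valgrind's client-request header; without it the macros become
 * no-ops so the program still compiles and runs, just without the check. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__has_include)
#  if __has_include(<valgrind/memcheck.h>)
#    include <valgrind/memcheck.h>
#    define HAVE_MEMCHECK_H 1
#  endif
#endif
#ifndef HAVE_MEMCHECK_H
#  define VALGRIND_MAKE_MEM_UNDEFINED(addr, len) ((void)0)
#  define VALGRIND_MAKE_MEM_DEFINED(addr, len)   ((void)0)
#endif

/* Mark a buffer as secret: memcheck now treats it as uninitialised, so any
 * branch or memory index derived from it produces a report. */
static void secret_mark(void *p, size_t n) {
    (void)p; (void)n;
    VALGRIND_MAKE_MEM_UNDEFINED(p, n);
}

/* Declassify: from here on the data may legitimately drive control flow. */
static void secret_clear(void *p, size_t n) {
    (void)p; (void)n;
    VALGRIND_MAKE_MEM_DEFINED(p, n);
}

/* Leaky comparison: returns on the first mismatch, so the branch inside the
 * loop depends on the secret and memcheck reports it. */
int leaky_tag_equal(const uint8_t *secret, const uint8_t *provided, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (secret[i] != provided[i])
            return 0;
    return 1;
}

/* Constant-time comparison: only the public loop counter is branched on; the
 * accumulated difference is folded into 0/1 arithmetically and declassified. */
int ct_tag_equal(const uint8_t *secret, const uint8_t *provided, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(secret[i] ^ provided[i]);
    unsigned d = diff;
    /* d becomes 1 if any byte differed, 0 otherwise, without a branch */
    d = (d | (0u - d)) >> (sizeof(unsigned) * 8 - 1);
    int result = 1 - (int)d;
    secret_clear(&result, sizeof result);  /* caller is allowed to branch on it */
    return result;
}

/* Constructed sample tag standing in for a real MAC value. */
static const uint8_t SAMPLE_TAG[16] = {
    0x9d, 0x1c, 0x7a, 0x00, 0x42, 0xff, 0x13, 0x88,
    0x0e, 0x55, 0xaa, 0x31, 0x6b, 0xc4, 0x27, 0x90 };

/* Compare a copy of the tag (optionally tampered in its last byte) against
 * the poisoned secret, using the constant-time or the leaky routine. */
int demo_compare(int use_ct, int tamper_last_byte) {
    uint8_t secret[16], provided[16];
    memcpy(secret, SAMPLE_TAG, sizeof secret);
    memcpy(provided, SAMPLE_TAG, sizeof provided);
    if (tamper_last_byte)
        provided[15] ^= 0x01;
    secret_mark(secret, sizeof secret);
    int r = use_ct ? ct_tag_equal(secret, provided, sizeof secret)
                   : leaky_tag_equal(secret, provided, sizeof secret);
    secret_clear(secret, sizeof secret);
    return r;
}

int main(void) {
    printf("constant-time: equal=%d tampered=%d\n", demo_compare(1, 0), demo_compare(1, 1));
    printf("leaky:         equal=%d tampered=%d\n", demo_compare(0, 0), demo_compare(0, 1));
    puts("Run this binary under valgrind: only the leaky path should produce a memcheck report.");
    return 0;
}
```

Both routines return the same answers when run natively; the difference only shows under `valgrind`, where the early-exit loop triggers the uninitialised-value report and the constant-time loop stays silent. As Gregory notes, this only catches branches and (with memcheck's address checks) secret-dependent indexing, not every leak-prone operation.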
