[curves] Constant-time big-integer support in Go standard library

[Tony Arcieri]

I think this is a good thing but would still recommend a
belt-and-suspenders approach which uses random blinding in addition to
"constant time" bignums.

The latter seem particularly hard to achieve securely in practice, with a
long history of failure.

Random blinding seems to provide a general defense against a wide range of
sidechannel attacks.
-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20170708/14782055/attachment.html>