mbedtls/ChangeLog.d/ecdsa-random-leading-zeros.txt


Security
* Fix a potential side channel vulnerability in ECDSA ephemeral key generation.
An adversary who is capable of very precise timing measurements could
learn partial information about the leading bits of the nonce used for the
signature, allowing the recovery of the private key after observing a
large number of signature operations. This completes a partial fix in
Mbed TLS 2.20.0.
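The leak described above is a nonce bit-length leak: a scalar multiplication whose running time is proportional to the bit length of the nonce reveals how many leading zero bits the nonce has, and across many signatures those partial nonce bits are enough for the lattice-style key recovery the entry alludes to. The following is an added example, not Mbed TLS code and not a description of the Mbed TLS fix itself. It uses a toy left-to-right double-and-add over secp256k1 (standard public parameters) and counts loop iterations as a stand-in for time, then shows the classic countermeasure of rewriting the nonce as k + N or k + 2N so that every scalar has the same bit length while producing the same point (because N·G is the point at infinity). The selection between k + N and k + 2N is written as a plain `if` for clarity; a production implementation would do that selection in constant time as well.

```python
# Added example (not Mbed TLS code): nonce bit-length leak in naive scalar
# multiplication, and the fixed-length-scalar countermeasure (k + N / k + 2N).
# Requires Python 3.8+ for pow(x, -1, p).
import secrets

# secp256k1 domain parameters (public constants), used as the worked curve.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P   # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point=G):
    """Naive left-to-right double-and-add.

    Returns (k*point, steps). `steps` equals k.bit_length(): the loop runs once per
    bit of the scalar, so its duration reveals how many leading zero bits k has.
    """
    acc = None
    steps = 0
    for i in range(k.bit_length() - 1, -1, -1):
        acc = _add(acc, acc)
        if (k >> i) & 1:
            acc = _add(acc, point)
        steps += 1
    return acc, steps


def naive_nonce():
    """Uniform nonce in [1, N-1]. Roughly half of these have a 0 top bit, a quarter
    have two leading zeros, and so on, which is exactly what the timing leaks."""
    return secrets.randbelow(N - 1) + 1


def fixed_length_scalar(k):
    """Return k' with k' == k (mod N) and k'.bit_length() == N.bit_length() + 1.

    Exactly one of k+N and k+2N has that bit length for 0 < k < N, so the scalar
    fed to the multiplication always has the same number of bits and the loop
    count no longer depends on the nonce. (Constant-time selection assumed in
    real code; the `if` here is for readability.)
    """
    k1 = k + N
    k2 = k + 2 * N
    return k1 if k1.bit_length() == N.bit_length() + 1 else k2


def compare_step_counts(trials=100):
    """Return (naive_steps, fixed_steps): the distinct loop counts observed when
    multiplying by raw nonces versus fixed-length scalars."""
    naive_steps, fixed_steps = set(), set()
    for _ in range(trials):
        k = naive_nonce()
        naive_steps.add(scalar_mult(k)[1])
        fixed_steps.add(scalar_mult(fixed_length_scalar(k))[1])
    return naive_steps, fixed_steps


if __name__ == "__main__":
    naive, fixed = compare_step_counts()
    print("loop counts with raw nonces:        ", sorted(naive))
    print("loop counts with fixed-length scalar:", sorted(fixed))
    k = naive_nonce()
    assert scalar_mult(k)[0] == scalar_mult(fixed_length_scalar(k))[0]
    print("same point either way; only the timing differs")
```

Running it prints several distinct loop counts for raw nonces (typically 256, 255, 254, ...) and a single count of 257 for the adjusted scalars, while both paths yield the same point. The fixed-length rewrite removes the bit-length channel but not others (branch on each bit, non-constant-time field arithmetic), which is why library fixes such as the one in this entry also have to make the nonce generation and comparison steps themselves constant time.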