--- Log opened Tue Jun 10 00:00:09 2025
08:02 -!- Ademan [~Ademan@user/Ademan] has quit [Ping timeout: 252 seconds]
08:47 -!- proofofkeags [~proofofke@2601:283:5005:3c70:6c70:fefb:4969:9720] has joined #bitcoin-rust
08:52 -!- proofofkeags [~proofofke@2601:283:5005:3c70:6c70:fefb:4969:9720] has quit [Ping timeout: 276 seconds]
09:10 -!- Ademan [~Ademan@user/Ademan] has joined #bitcoin-rust
09:13 < Ademan> Dumb question but https://github.com/rust-bitcoin/rust-secp256k1/pull/794/files/d611a4f25eba6bba9e0586e8234e0c184192468e#r2137820421 "Doesn't this introduce secret dependent branches?" Obviously yes, but it's not clear to me why that matters in this case, where it only affects an invalid case. Is the worry the compiler might do an unexpected optimization that ends up leaking information about secrets
09:13 < Ademan> that *don't* match the pattern? (all 0s)
09:13 < Ademan> I didn't want to pollute the discussion thread with this question though
09:28 -!- proofofkeags [~proofofke@c-24-8-204-196.hsd1.co.comcast.net] has joined #bitcoin-rust
09:34 -!- proofofkeags [~proofofke@c-24-8-204-196.hsd1.co.comcast.net] has quit [Remote host closed the connection]
09:35 -!- proofofkeags [~proofofke@2601:283:5005:3c70:6c70:fefb:4969:9720] has joined #bitcoin-rust
09:35 -!- proofofkeags [~proofofke@2601:283:5005:3c70:6c70:fefb:4969:9720] has quit [Remote host closed the connection]
09:35 -!- proofofkeags [~proofofke@2601:283:5005:3c70:6c70:fefb:4969:9720] has joined #bitcoin-rust
09:41 -!- proofofkeags [~proofofke@2601:283:5005:3c70:6c70:fefb:4969:9720] has quit [Remote host closed the connection]
09:42 -!- proofofkeags [~proofofke@2601:283:5005:3c70:6c70:fefb:4969:9720] has joined #bitcoin-rust
09:46 -!- proofofkeags [~proofofke@2601:283:5005:3c70:6c70:fefb:4969:9720] has quit [Ping timeout: 252 seconds]
11:33 -!- proofofkeags [~proofofke@174-29-203-14.hlrn.qwest.net] has joined #bitcoin-rust
11:37 -!- proofofkeags [~proofofke@174-29-203-14.hlrn.qwest.net] has quit [Ping timeout: 248 seconds]
12:10 -!- proofofkeags [~proofofke@174-29-203-14.hlrn.qwest.net] has joined #bitcoin-rust
14:59 -!- proofofkeags [~proofofke@174-29-203-14.hlrn.qwest.net] has quit [Quit: Leaving...]
18:25 < andytoshi> Ademan: the problem is that even in the "valid" case, it exposes how many 0s are in the secret key
18:25 < andytoshi> assuming somebody can do timing analysis precisely enough to see when the assertion is decided to be ok
18:26 < andytoshi> it's a fine question, you can ask it in public
18:26 < andytoshi> although jonas told me he'd ack it in the morning and then i'll merge it and probably discussion will go unnoticed after that. (i will open a followup to fix the timing thing and other stuff)
--- Log closed Wed Jun 11 00:00:10 2025