[bitcoin-dev] libsecp256k1 0.3.2 released

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: Tim Ruffing <crypto@timruffing•de>
To: bitcoin-dev@lists•linuxfoundation.org
Subject: [bitcoin-dev] libsecp256k1 0.3.2 released
Date: Sun, 14 May 2023 19:35:38 +0200	[thread overview]
Message-ID: <cf010a83bf60a16e66e40f78494fc7b7b17a336a.camel@timruffing.de> (raw)

Hello,

We'd like to announce the release of version 0.3.2 of libsecp256k1:

  https://github.com/bitcoin-core/secp256k1/releases/tag/v0.3.2

This is a bugfix release after 0.3.1. The impetus for this release is
the discovery that GCC 13 became smart enough to optimize out a
specific timing side-channel protection mechanism in the ECDH code that
could leave applications vulnerable to a side-channel attack. This has
been fixed in 0.3.2 [1].

For the full changelog, see
  https://github.com/bitcoin-core/secp256k1/blob/master/CHANGELOG.md

We strongly recommend any users of the library to upgrade if their code
may end up being compiled with GCC >=13. Bitcoin Core is not affected
because it does not use libsecp256k1's ECDH module.

Note: The underlying side-channel issue is very similar to the issue
that lead to the previous 0.3.1 release. Unfortunately, there is no
generic way to prevent compilers from "optimizing" code by adding
secret-dependent branches (which are undesired in cryptographic
applications), and it is hard to predict what optimizations future
compiler versions will add. There's ongoing work [2] to test on
unreleased development snapshots of GCC and Clang, which would make it
possible to catch similar cases earlier in the future.

[1]: https://github.com/bitcoin-core/secp256k1/pull/1303
[2]: https://github.com/bitcoin-core/secp256k1/pull/1313

                 reply	other threads:[~2023-05-14 17:42 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cf010a83bf60a16e66e40f78494fc7b7b17a336a.camel@timruffing.de \
    --to=crypto@timruffing$(echo .)de \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox