[Standards] OMEMO and Olm
sam at samwhited.com
Sun May 28 14:53:16 UTC 2017
On Sun, May 28, 2017 at 1:15 AM, Remko Tronçon <remko at el-tramo.be> wrote:
> Is this really true? You can do *a lot* of branches+memcpys for 3 loops over
> all data as far as I know. I would have guessed this was a measure against
> timing attacks. Where is this CMov coming from?
In this case I don't *think* timing attacks are important because
we're just changing the point from one side of the curve to another
and as far as I can see figuring out that we calculated the point on
the wrong side isn't valuable information; it's just expected.
If you're curious, feel free to ping me out of band
(sam at samwhited.com, email or JID) and I can send you the code it
generates; there are definitely no jumps there, and it's actually
quite interesting :)
> The reason I'm nitpicking is this: even with a single properly licensed
> XEdDSA implementation in an unestablished library (or libolm), I still feel
> uncomfortable depending a XEP on it.
FWIW, the Go crypto libraries may not be as old as OpenSSL, but
they're certainly established; besides Google themselves, Cloudflare
uses them for all of their TLS traffic and that's a substantial
portion of traffic on the web (7% or something is the number I've
heard them throw about?). However, I'm not sure this actually matters.
> There's a certain amount of uncertainty
> whether the author didn't "reuse existing bits of software" (an expression
> thrown around a few times on this list recently), perhaps infringing
> copyright in the process, making me as a software vendor vulnerable to legal
I don't believe this is true; see my response to Dave.
> This is why I asked for an implementation in an established crypto
> library like OpenSSL or LibSodium, where, besides review of quality,
> contributors sign agreements. I would then feel safer that the heat isn't
> directly on me if something is wrong copyright-wise with the libraries I'm
The Go libraries use Google's standard CLA, so if it's accepted, we'll
see. Obviously not everyone is using Go or can use it in this form,
but as I said, it was just an example. You could copy/paste the ref10
implementation and use that easily enough, just like OWS did.
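The "CMov" Remko asks about is a conditional move: selecting one of two values by a flag without a data-dependent branch, so that neither timing nor branch prediction reveals which was chosen. The following is an added example, not code from this thread, from Sam's generator, or from the Go crypto libraries; it assumes 32-byte encodings like Ed25519/X25519's (where bit 255 is the sign of x, the "side of the curve" the message refers to) and a flag that is exactly 0 or 1. It shows the branchy selection next to the mask-based one, the conditional swap a Montgomery ladder relies on, and the standard-library helper Go code should normally use.

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

// Point encodings here are fixed 32-byte strings, as in Ed25519/X25519
// (an assumption of this example, not a type from the thread).
type enc [32]byte

// signBit returns bit 255 of an Ed25519-style encoding (top bit of the last
// byte), which records whether x or -x was chosen.
func signBit(e enc) int {
	return int(e[31] >> 7)
}

// cmovBranchy returns b when flag == 1 and a otherwise, using a branch.
// The branch direction leaks flag through timing and branch prediction.
func cmovBranchy(flag int, a, b enc) enc {
	if flag == 1 {
		return b
	}
	return a
}

// cmovMask does the same with no data-dependent branch: flag (0 or 1) is
// stretched into a byte mask (0x00 or 0xFF) and every byte is blended with it.
func cmovMask(flag int, a, b enc) enc {
	mask := byte(-flag) // flag must be 0 or 1; -1 truncates to 0xFF
	var out enc
	for i := range out {
		out[i] = a[i] ^ (mask & (a[i] ^ b[i]))
	}
	return out
}

// cswapMask conditionally swaps a and b in constant time, the primitive a
// Montgomery ladder applies at every scalar bit.
func cswapMask(flag int, a, b enc) (enc, enc) {
	mask := byte(-flag)
	for i := range a {
		d := mask & (a[i] ^ b[i])
		a[i] ^= d
		b[i] ^= d
	}
	return a, b
}

// cmovSubtle is the same selection via the standard library, which is what
// Go code should reach for instead of hand-rolling the mask.
func cmovSubtle(flag int, a, b enc) enc {
	out := a
	subtle.ConstantTimeCopy(flag, out[:], b[:])
	return out
}

func main() {
	// Constructed sample: one encoding and the same bytes with the sign bit set.
	var pos, neg enc
	for i := range pos {
		pos[i] = byte(i)
	}
	neg = pos
	neg[31] |= 0x80
	chosen := cmovSubtle(signBit(neg), pos, neg)
	fmt.Printf("flag %d selected encoding with sign bit %d\n", signBit(neg), signBit(chosen))
}
```

Whether the flag is secret decides whether any of this matters; the point above is that the mask form costs a pass over the bytes either way, which is why a generator can emit it unconditionally and why the output contains no jumps.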