[Standards] OMEMO and Olm

Sam Whited sam at samwhited.com
Sun May 28 14:53:16 UTC 2017


On Sun, May 28, 2017 at 1:15 AM, Remko Tronçon <remko at el-tramo.be> wrote:
> Is this really true? You can do *a lot* of branches+memcpys for 3 loops over
> all data as far as I know. I would have guessed this was a measure against
> timing attacks. Where is this CMov coming from?

In this case I don't *think* timing attacks are important because
we're just changing the point from one side of the curve to another
and as far as I can see figuring out that we calculated the point on
the wrong side isn't valuable information; it's just expected.

If you're curious, feel free to ping me out of band
(sam at samwhited.com, email or JID) and I can send you the code it
generates; there are definitely no jumps there, and it's actually
quite interesting :)

> The reason I'm nitpicking is this: even with a single properly licensed
> XEdDSA implementation in an unestablished library (or libolm), I still feel
> uncomfortable depending a XEP on it.

FWIW, the Go crypto libraries may not be as old as OpenSSL, but
they're certainly established; besides Google themselves, Cloudflare
uses them for all of their TLS traffic and that's a substantial
portion of traffic on the web (7% or something is the number I've
heard them throw about?). However, I'm not sure this actually matters.

> There's a certain amount of uncertainty
> whether the author didn't "reuse existing bits of software" (an expression
> thrown around a few times on this list recently), perhaps infringing
> copyright in the process, making me as a software vendor vulnerable to legal
> attacks.

I don't believe this is true; see my response to Dave.

> This is why I asked for an implementation in an established crypto
> library like OpenSSL or LibSodium, where, besides review of quality,
> contributors sign agreements. I would then feel safer that the heat isn't
> directly on me if something is wrong copyright-wise with the libraries I'm
> using.

The Go libraries use Google's standard CLA, so if it's accepted, we'll
see. Obviously not everyone is using Go or can use it in this form,
but as I said, it was just an example. You could copy/paste the ref10
implementation and use that easily enough, just like OWS did.

—Sam
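The constant-time conditional move discussed above, as an added example that is not code from the thread, from Sam's generator, or from any library named in it; it assumes a ref10-style ten-limb signed field element and a selector bit b that is exactly 0 or 1.

```go
package main

import "fmt"

// FieldElement is a ten-limb signed representation, modelled on ref10
// (an assumption for this illustration; limb sizes are not the point).
type FieldElement [10]int32

// cmov copies g into f when b == 1 and leaves f untouched when b == 0.
// Only AND/XOR are used, so neither the instructions executed nor the
// memory touched depends on b; there is no data-dependent jump.
func cmov(f *FieldElement, g *FieldElement, b int32) {
	mask := -b // 0x00000000 when b == 0, 0xFFFFFFFF when b == 1
	for i := range f {
		t := mask & (f[i] ^ g[i])
		f[i] ^= t
	}
}

// cneg negates f in place when b == 1, again without branching on b.
// Flipping to "the other side" of the curve is exactly this kind of
// selection between a value and its negation.
func cneg(f *FieldElement, b int32) {
	var neg FieldElement
	for i := range f {
		neg[i] = -f[i]
	}
	cmov(f, &neg, b)
}

// branchyCmov is the branch-plus-copy form the thread contrasts cmov
// with: functionally identical, but the path taken reveals b.
func branchyCmov(f *FieldElement, g *FieldElement, b int32) {
	if b == 1 {
		*f = *g
	}
}

func main() {
	// Constructed sample limbs, not real field elements.
	f := FieldElement{1, 2, 3, 4, 5, 6, 7, 8, 9, 10}
	g := FieldElement{10, 9, 8, 7, 6, 5, 4, 3, 2, 1}
	a, b := f, f
	cmov(&a, &g, 1)
	branchyCmov(&b, &g, 1)
	fmt.Println(a == g, b == g) // both true; only the timing differs
}
```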
