This project has moved and is read-only. For the latest updates, please go here.

ECC mode very slow, and possibly subject to timing attacks?

Jun 29, 2013 at 6:50 PM
According to this thread on, the Bouncy Castle implementation of ECC (used in this project) is slow, and may be subject to timing attacks akin to OpenSSL's vulnerability in 2011.

Is there any truth to the claim that there are timing attacks (in theory) in this implementation?
Jul 16, 2013 at 1:13 AM
The U-Prove SDK allows developers to plug-in different math modules. One could replace Bouncy Castle with another library if its performance is deemed unsatisfactory for an application.
May 1, 2014 at 4:14 PM
Note that the new Bouncy Castle beta we integrated last month significantly improves the ECC performance; you might want to take another look now.
Jul 12, 2014 at 11:19 PM
Thank you, the performance has increased significantly.