ECC mode very slow, and possibly subject to timing attacks?

Jun 29, 2013 at 5:50 PM
According to this thread on Security.Stackexchange.com, the Bouncy Castle implementation of ECC (used in this project) is slow, and may be subject to timing attacks akin to OpenSSL's vulnerability in 2011.

http://security.stackexchange.com/q/38169/396


Is there any truth to the claim that there are timing attacks (in theory) in this implementation?
Coordinator
Jul 16, 2013 at 12:13 AM
The U-Prove SDK allows developers to plug-in different math modules. One could replace Bouncy Castle with another library if its performance is deemed unsatisfactory for an application.
Coordinator
May 1, 2014 at 3:14 PM
Note that the new Bouncy Castle beta we integrated last month significantly improves the ECC performance; you might want to take another look now.
Jul 12, 2014 at 10:19 PM
Thank you, the performance has increased significantly.