Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Add blinding to a DSA signature (1.1.0) #6523
This extends the recently added ECDSA signature blinding to blind DSA too.
This is based on side channel attacks demonstrated by Keegan Ryan (NCC
Normally, as in ECDSA, during signing the signer calculates:
s:= k^-1 * (m + r * priv_key) mod order
In ECDSA, the addition operation above provides a sufficient signal for a
As a mitigation (based on a suggestion from Keegan) we add blinding to
s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order
Since this attack is a localhost side channel only no CVE is assigned.
This commit also tweaks the previous ECDSA blinding so that blinding is
This is the 1.1.0 version of #6522.