Something to think about: suppose there's a deterministic carry mispropagation bug that can be triggered with 1% of the scalar values. Is it possible to extract the private key?
-
-
In general, I am skeptical that we need crypto-specific mitigations for Rowhammer and similar bugs, because it seems likely there are always other magic bits that could be flipped to cause the same or worse damage.
-
This is true; you could, e.g., flip a specific bit to get admin rights. The small motivation for our Rowhammer EdDSA attacks was that in certain scenarios you could flip ANY bit in a large message to be signed and obtain the key.
-
Indeed, what?
-
The problem with Rowhammer is that, depending on the scenario, sometimes it is hard to flip specific bits so that you could get admin rights or modify access flags (I am not an expert on Rowhammer, please do not ask more :))