For uncompromising security, the execution times of the relevant ocrypto operations must not depend on the secret data being processed. This mitigates the risk of common side-channel attacks, e.g., timing attacks. To meet this requirement, such operations in ocrypto have been designed to execute in constant time. This is even true for microcontrollers with data caches, e.g., products based on a Cortex-M7 core.
We have created formal correctness proofs for our novel algorithmic approaches to modular reduction and had them reviewed by an independent authority (Prof. W. Meier). They found our proofs “in all parts mathematically and formally correct”. Proof and review documents are available to licensees.
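To make the constant-time requirement above concrete, here is an added example (not ocrypto code, and not the library's own modular reduction) of the conditional subtraction that typically ends a modular reduction, written so that neither the branch taken nor the memory access pattern depends on the secret operand; the limb layout, function names and test values are assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Added illustration, not ocrypto code: r = a - m if a >= m, else r = a, with no
 * control flow or memory access that depends on the secret operand a.
 * Limbs are little-endian 32-bit words; r may alias a but not m. */
static void reduce_once_ct(uint32_t *r, const uint32_t *a,
                           const uint32_t *m, size_t n)
{
    uint32_t borrow = 0, carry = 0, mask;
    /* Always compute a - m over every limb, in the same order for every input,
     * so a data cache sees the same access sequence whatever a holds. */
    for (size_t i = 0; i < n; i++) {
        uint64_t d = (uint64_t)a[i] - m[i] - borrow;
        r[i] = (uint32_t)d;
        borrow = (uint32_t)(d >> 32) & 1;  /* 1 if this limb wrapped */
    }
    /* A final borrow means a < m and the subtraction must be undone. Instead of
     * branching, add m back through a mask that is all ones or all zeros.
     * (Check the generated code: an optimizer may turn a mask into a branch.) */
    mask = 0u - borrow;
    for (size_t i = 0; i < n; i++) {
        uint64_t s = (uint64_t)r[i] + (m[i] & mask) + carry;
        r[i] = (uint32_t)s;
        carry = (uint32_t)(s >> 32);
    }
}

/* Constructed cases exercising borrow propagation both ways; returns 1 when
 * every case yields the expected limbs, 0 otherwise. */
static int reduce_once_ct_selftest(void)
{
    uint32_t r[2];
    const uint32_t m1[2] = { 3u, 0u };
    const uint32_t a1[2] = { 5u, 0u };       /* 5 >= 3      -> 2 */
    reduce_once_ct(r, a1, m1, 2);
    if (r[0] != 2u || r[1] != 0u) return 0;
    const uint32_t a2[2] = { 1u, 0u };       /* 1 < 3       -> 1 (add-back carries) */
    reduce_once_ct(r, a2, m1, 2);
    if (r[0] != 1u || r[1] != 0u) return 0;
    const uint32_t a3[2] = { 0u, 1u };       /* 2^32 - 1    -> {0xFFFFFFFF, 0} */
    const uint32_t m3[2] = { 1u, 0u };
    reduce_once_ct(r, a3, m3, 2);
    if (r[0] != 0xFFFFFFFFu || r[1] != 0u) return 0;
    const uint32_t a4[2] = { 5u, 0u };       /* 5 < 2^32    -> unchanged 5 */
    const uint32_t m4[2] = { 0u, 1u };
    reduce_once_ct(r, a4, m4, 2);
    if (r[0] != 5u || r[1] != 0u) return 0;
    return 1;
}
```

The same work is done for every input, so the only way timing could vary is if the compiler reintroduces a branch, which is why the generated code for the target core should be inspected.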
An extensive test suite is used to validate ocrypto, with standard test vectors, test vectors for border cases, negative tests and random tests. The test suite is available to licensees.