Mitigating side-channel attacks
For uncompromising security, the execution times of the relevant ocrypto operations must not depend on the secret data being processed. This "constant-time execution" property is an essential mitigation against common side-channel attacks, e.g., timing attacks. Achieving constant-time execution is a hard problem, unless execution speed can be sacrificed.
All relevant operations in ocrypto have been designed from the outset for fast constant-time execution. This property is guaranteed even for microcontrollers with data caches, e.g., products based on a Cortex-M7 core. Also, it is guaranteed even for all edge cases, which is notoriously difficult in particular for NIST curves.
Achieving this uncompromising level of security, without introducing massive overhead, is what makes ocrypto unique in the industry.
We have created formal correctness proofs for our novel algorithmic approaches to modular reduction and had them reviewed by an independent authority (Prof. W. Meier, one of the designers of the BLAKE hashing algorithm). Our proofs were found “in all parts mathematically and formally correct”. Proof and review documents are available to licensees.
An extensive test suite is being used for validating ocrypto, with standard test vectors, test vectors for border cases, negative tests and random tests. The test suite is available to licensees.