secp256k1_context_randomize

Updates the context randomization to protect against side-channel leakage.

extern (C)
int
secp256k1_context_randomize
(secp256k1_context* ctx,
const(ubyte)* seed32
)

Return Value

Type: int

1: randomization successfully updated or nothing to randomize
0: error

Args:
ctx: pointer to a context object.
In: seed32: pointer to a 32-byte random seed (NULL resets to initial state)

While the secp256k1 code is written to be constant-time regardless of the secret values involved, a future compiler may emit code that is not, and the CPU may not emit the same radio frequencies or draw the same amount of power for all values.

This function provides a seed that is combined into the blinding value. That blinding value is added before each multiplication (and removed afterwards), so it does not affect function results but shields against attacks that rely on any input-dependent behaviour.

This function currently has an effect only on contexts initialized for signing, because randomization is currently used only for signing. However, this is not guaranteed and may change in the future. It is safe to call this function on contexts not initialized for signing; it will then have no effect and return 1.

You should call this after secp256k1_context_create or secp256k1_context_clone (and secp256k1_context_preallocated_create or secp256k1_context_preallocated_clone, resp.), and you may call this repeatedly afterwards.
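The procedure described above, as an added example in D; this code is not part of the binding's documentation or of the libsecp256k1 project. It assumes the binding is importable as a module named `secp256k1` and exposes the C API under its C names (`secp256k1_context_create`, `SECP256K1_CONTEXT_SIGN`, `secp256k1_ecdsa_sign`, `secp256k1_ecdsa_signature_serialize_compact`, `secp256k1_context_destroy`), and it reads the seed from `/dev/urandom`, which is an assumption about the platform. The secret key and message hash are constructed test inputs. Because the library's default nonce function is RFC 6979, the example also shows that a randomized and an unrandomized context produce byte-identical signatures, which is the "does not affect function results" property stated above.

```d
// Added usage example; not part of the binding's own documentation or of
// libsecp256k1. Assumes the binding is importable as module `secp256k1` and
// exposes the C API under its C names.
import std.stdio : File, writeln;
import std.exception : enforce;
import secp256k1;  // assumed module name of the binding documented on this page

/// Fill `buf` from the operating system's CSPRNG.
/// /dev/urandom is used here for portability across POSIX systems (an
/// assumption about the platform); the requirement is only that the seed be
/// unpredictable, never a constant baked into the binary.
void fillRandom(ubyte[] buf)
{
    auto dev = File("/dev/urandom", "rb");
    enforce(dev.rawRead(buf).length == buf.length, "short read from /dev/urandom");
}

/// Create a signing context and randomize it immediately, as recommended
/// above. The caller owns the returned context and must destroy it.
secp256k1_context* createRandomizedContext()
{
    auto ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
    enforce(ctx !is null, "context allocation failed");

    ubyte[32] seed;
    fillRandom(seed[]);
    // 1 means "updated, or nothing to randomize"; 0 is an error and must not be ignored.
    enforce(secp256k1_context_randomize(ctx, seed.ptr) == 1, "context randomization failed");
    seed[] = 0;  // wipe the seed once the library has absorbed it
    return ctx;
}

/// Sign a 32-byte message hash and return the 64-byte compact (r||s) encoding.
ubyte[64] signCompact(secp256k1_context* ctx, const(ubyte)[] seckey, const(ubyte)[] msg32)
{
    enforce(seckey.length == 32 && msg32.length == 32, "inputs must be 32 bytes");
    secp256k1_ecdsa_signature sig;
    // null nonce function selects the library default (RFC 6979), so the
    // signature is a deterministic function of (seckey, msg32).
    enforce(secp256k1_ecdsa_sign(ctx, &sig, msg32.ptr, seckey.ptr, null, null) == 1,
            "signing failed (invalid secret key?)");
    ubyte[64] compact;
    enforce(secp256k1_ecdsa_signature_serialize_compact(ctx, compact.ptr, &sig) == 1,
            "serialization failed");
    return compact;
}

void main()
{
    // Constructed inputs for the demonstration only: a fixed secret key and a
    // fixed "message hash". Never use constant keys outside a test.
    ubyte[32] seckey = 0x11;
    ubyte[32] msg32  = 0x22;

    auto plain   = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
    enforce(plain !is null, "context allocation failed");
    auto blinded = createRandomizedContext();
    scope (exit)
    {
        secp256k1_context_destroy(plain);
        secp256k1_context_destroy(blinded);
    }

    // Blinding changes only the arithmetic path, not the result: both contexts
    // must produce byte-identical signatures.
    auto s1 = signCompact(plain, seckey[], msg32[]);
    auto s2 = signCompact(blinded, seckey[], msg32[]);
    writeln(s1 == s2 ? "OK: blinded and unblinded signatures are identical"
                     : "BUG: signatures differ");

    // Long-lived processes may re-seed at any time; null resets the blinding
    // to the initial (unrandomized) state.
    ubyte[32] fresh;
    fillRandom(fresh[]);
    enforce(secp256k1_context_randomize(blinded, fresh.ptr) == 1, "re-randomization failed");
    enforce(secp256k1_context_randomize(blinded, null) == 1, "reset failed");
}
```

Two practical points follow from the code: the return value of secp256k1_context_randomize is checked every time, since a 0 silently leaves the context unblinded, and the seed buffer is wiped after the call because, although it is not a key, it is the only input to the blinding and should not linger on the stack. Re-seeding periodically in a long-running signer costs a scalar multiplication but limits how long any one blinding value is in use.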
