micro-ecc
secp160r1 incorrect signatures on ARM Cortex M0
micro-ecc computes a wrong signature on secp160r1 on ARM Cortex M0.
The compile-time settings are:
-DuECC_SUPPORTS_secp160r1=1
-DuECC_SUPPORTS_secp192r1=0
-DuECC_SUPPORTS_secp224r1=0
-DuECC_SUPPORTS_secp256r1=0
-DuECC_SUPPORTS_secp256k1=0
-DuECC_SUPPORT_COMPRESSED_POINT=0
-DuECC_OPTIMIZATION_LEVEL=3
-DuECC_SQUARE_FUNC=1
-fomit-frame-pointer
with arm-none-eabi-gcc version 13.1.0 and optimization level -O3 (but also reproduced with levels [s, 1, 2]).
For a pubkey of: (1248267197097365432264186274468065254236796158617, 518980666782735319294616719874128744577850778311)
and a hash of cdfd35e9983ed989984e026546b241803bebd02b, it produces a signature of:
(1012199123568660032231186032600072213159176233822, 416085392951447075179638451199529832674058226010), which is invalid.
When compiled to target the host (x86_64) it produces valid signatures. Other curves also work correctly.
Yeah it's essential to be portable.
What if you turn -DuECC_OPTIMIZATION_LEVEL=0?
I vaguely remember that the optimization level was important for the error to show up (i.e. the error did not show up with optimization level 0).