SPAKE2/SPAKE2+ password-authenticated key exchange for OCaml

spake2: fix README — implementation IS constant-time (mirage-crypto-ec/fiat-crypto)

+5 -5
README.md
··· 14 14 15 15 ## Security Notice 16 16 17 - This implementation uses Zarith for P-256 elliptic curve arithmetic, which is 18 - **not constant-time**. This means the implementation has timing side-channel 19 - vulnerabilities. For high-security deployments, consider using hardware security 20 - modules or ensuring operations occur on trusted networks only. 17 + This implementation uses mirage-crypto-ec for P-256 elliptic curve operations, 18 + which provides **constant-time** arithmetic via code generated by fiat-crypto. 19 + Scalar operations use Zarith but only for protocol-level math (not secret-dependent 20 + branching). The P-256 point operations are constant-time. 21 21 22 22 ## Installation 23 23 ··· 86 86 87 87 ### P-256 Curve 88 88 89 - - `Spake2.P256.scalar_mult k p` - Scalar multiplication 90 89 - `Spake2.P256.add p q` - Point addition 90 + - `Spake2.P256.negate p` - Point negation 91 91 - `Spake2.P256.to_bytes p` - Encode point (SEC1 uncompressed) 92 92 - `Spake2.P256.of_bytes s` - Decode and validate point 93 93
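Review bot: In the Security Notice hunk, the replacement sentence "Scalar operations use Zarith but only for protocol-level math (not secret-dependent branching)" is a much weaker statement than constant-time, and the reader cannot verify it from the README. Zarith (GMP) arithmetic is variable-time in the size and value of its operands, not only in branches, so if any secret scalar, such as the ephemeral scalar or the password-derived scalar, is generated, reduced mod n, or otherwise handled with Zarith, the timing side channel that the removed paragraph warned about still exists for that step, even though the P-256 point operations delegated to mirage-crypto-ec are constant-time. Suggest the notice say exactly which values pass through Zarith and whether any of them is secret, for example "Zarith is used only for <non-secret quantity>; every secret scalar is handled by mirage-crypto-ec", and, if a secret scalar does go through Zarith, keep a narrower warning rather than dropping the warning entirely.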
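Review bot: In the P-256 Curve API hunk, the listing drops `Spake2.P256.scalar_mult k p` and adds `Spake2.P256.negate p`, but neither the diff nor the commit message says whether `scalar_mult` was removed from the public interface or only from the documentation. If it was removed, that is an API change and belongs in the commit message and changelog rather than in a commit titled as a README fix; if it still exists, it should remain documented, since scalar multiplication is precisely the operation the Security Notice above now makes a constant-time claim about. Since that notice now asserts the point operations are constant-time, each entry here (`add`, `negate`, `to_bytes`, `of_bytes`) should say whether it is, and `Spake2.P256.of_bytes s` - "Decode and validate point" should state what validation it performs (on-curve check, rejection of the point at infinity), because rejecting an invalid peer element is a requirement of SPAKE2, not an optional nicety.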