[botan-devel] Botan ECDSA side channel

Jack Lloyd jack at randombit.net
Wed Jun 13 12:41:03 EDT 2018

Botan (along with OpenSSL, NSS, libgcrypt, etc.) is affected by an ECDSA side
channel found by Keegan Ryan of NCC Group, and described here:


The attack allows key recovery, but requires that the attacker be both running on the
same machine (able to conduct a cache-based side channel) and able to trigger
ECDSA signature generation on demand. For instance, a TLS server using an ECDSA
certificate and running in a cloud environment might be vulnerable.

A patch will be included in the 2.7.0 release on July 2nd. If side channels are
a concern in your environment, you can apply the patch from

