2017.01.16 19:53:40 (821067916330303488) from Daniel J. Bernstein, replying to "JP Aumasson (@veorq)" (820935203094982656):
RFC 7748: "important that the arithmetic used not leak information about the integers". The paper is wrong when it claims compliance. @veorq
2017.01.16 11:06:19 (820935203094982656) from "JP Aumasson (@veorq)":
details of a timing leak in Curve25519-donna when built with 32-bit MSVC 2015 https://research.kudelskisecurity.com/2017/01/16/when-constant-time-source-may-not-save-you/