From 7bbe300e7aeb47ee64e6581222a5b6e55bc6f1ea Mon Sep 17 00:00:00 2001
From: scgbckbone
Date: Mon, 5 Aug 2024 09:32:50 +0200
Subject: [PATCH] libsecp256k1 context randomization before each signing session
---
 releases/Next-ChangeLog.md | 3 ++-
 shared/psbt.py | 4 ++--
 testing/test_sign.py | 3 ++-
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/releases/Next-ChangeLog.md b/releases/Next-ChangeLog.md
index 54ec4559..b1bca0d3 100644
--- a/releases/Next-ChangeLog.md
+++ b/releases/Next-ChangeLog.md
@@ -7,9 +7,10 @@ This lists the new changes that have not yet been published in a normal release.
 - Enhancement: Allow JSON files in `NFC File Share`
 - Enhancement: latest [0.5.0](https://github.com/bitcoin-core/secp256k1/releases/tag/v0.5.0) libsecp256k1
 - Enhancement: Signature grinding optimizations
+- Enhancement: Improve side-channel protection. libsecp256k1 context randomization before each signing session.
 - Bugfix: UI ordered list alignment in Seed Vault menu
 - Bugfix: Do not alow to import multisig wallet duplicate with only keys shuffled
-- Bugfix: Do not read whole PSBT into memory when writing finalized transaction
+- Bugfix: Do not read whole PSBT into memory when writing finalized transaction
 # Mk4 Specific Changes
diff --git a/shared/psbt.py b/shared/psbt.py
index ea4b9707..2f8f95be 100644
--- a/shared/psbt.py
+++ b/shared/psbt.py
@@ -1868,9 +1868,9 @@ class psbtObject(psbtProxy):
 # progress
 dis.fullscreen('Signing...')
-
+ # randomize secp context before each signing session
+ ngu.secp256k1.ctx_rnd()
 # Sign individual inputs
- sigs = 0
 success = set()
 for in_idx, txi in self.input_iter():
 dis.progress_sofar(in_idx, self.num_inputs)
diff --git a/testing/test_sign.py b/testing/test_sign.py
index 85f0f042..6b47b15f 100644
--- a/testing/test_sign.py
+++ b/testing/test_sign.py
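Review bot: The new `ngu.secp256k1.ctx_rnd()` call in the psbt.py hunk ignores whatever the wrapper returns, and the underlying libsecp256k1 `secp256k1_context_randomize` signals failure with a 0 return rather than an error; if the ngu binding mirrors that contract instead of raising, a failed re-blinding would silently leave the context unrandomized for the whole signing loop that follows. If the wrapper does return a status, check it and fail closed before any input is signed: `if not ngu.secp256k1.ctx_rnd(): raise RuntimeError('secp256k1 context randomization failed')`. The comment should also say where the seed comes from, since the blinding is only as strong as its entropy — something like `# re-blind the secp256k1 context from the hardware RNG so scalar ops in this session do not leak the key via side channels` — and it is worth confirming against the ngu implementation that the 32-byte seed is drawn from the TRNG and not from a deterministic or reused source. The enclosing method of psbtObject starts and ends outside the hunk.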
@@ -2106,7 +2106,8 @@ def test_no_outputs_tx(fake_txn, microsd_path, goto_home, press_select, pick_men
 except: pass
-def test_send2taproot_addresss(fake_txn , start_sign, end_sign, cap_story):
+def test_send2taproot_addresss(fake_txn , start_sign, end_sign, cap_story, use_testnet):
+ use_testnet()
 psbt = fake_txn(2, 2, segwit_in=True, change_outputs=[0], outstyles=["p2tr"])
 start_sign(psbt)
 title, story = cap_story()
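Review bot: The rewritten `def` line keeps the pre-existing misspelling `test_send2taproot_addresss` and the stray space in `fake_txn ,`; since the signature is already being touched, clean it up as `def test_send2taproot_address(fake_txn, start_sign, end_sign, cap_story, use_testnet):` — pytest collects on the `test_` prefix, so the rename is safe unless something else references the old name. The added `use_testnet()` call also carries no explanation of why the network setting matters here; a one-line comment such as `# p2tr address rendering depends on the configured network; presumably fake_txn builds testnet data — confirm` would save the next reader a trip into the fixture. The test body continues past the end of the hunk.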