The cr.yp.to microblog: 2024.09.04 14:20:35

2024.09.04 14:20:35 (Mastodon 113079722665585313, Twitter 1831336585733820758) from Daniel J. Bernstein:

Some tools at different layers that would have stopped timing attacks against ECDSA nonce-inversion software: (1) the safegcd algorithm, https://gcd.cr.yp.to; (2) switching from ECDSA to EdDSA, typically Ed25519; (3) using TIMECOP (https://bench.cr.yp.to/tips.html#timecop) to scan for leaks.
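The following is an added illustration, not part of the post above and not code from the safegcd project. It models, in Python, the operation the post refers to: the ECDSA signing step s = k^-1 (z + r*d) mod n inverts the per-signature nonce k modulo the group order n. A textbook extended-Euclid inverse runs a loop whose trip count (and branch pattern) depends on k, so its timing is a side channel on the nonce; the safegcd-style divstep loop from Bernstein and Yang runs a fixed number of iterations and selects values arithmetically instead of branching on secret data. Assumptions: the secp256k1 order constant is copied from the curve specification, the divstep definition follows the safegcd paper, and the iteration count 3*bits+16 is a generous constant chosen here (the paper proves a bound of roughly 2.9 iterations per input bit). Python big integers are themselves not constant-time, so this shows the control-flow structure a constant-time implementation needs, not machine-level timing.

```python
# Added illustration: data-dependent vs fixed-iteration modular inversion
# for the ECDSA nonce. Python ints are not constant-time; this models the
# control-flow structure only.

# secp256k1 group order n, the modulus of the ECDSA nonce inversion.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def euclid_inverse(m, k):
    """Variable-time inverse of k mod m via extended Euclid.
    Returns (inverse, loop_iterations); the iteration count depends on k,
    which is exactly the leak a timing attack measures."""
    a, b = m, k
    x0, x1 = 0, 1            # coefficients of k in the running remainders
    iters = 0
    while b:
        quot, rem = divmod(a, b)
        a, b = b, rem
        x0, x1 = x1, x0 - quot * x1
        iters += 1
    assert a == 1, "k must be invertible mod m"
    return x0 % m, iters


def _cselect(cond, a, b):
    """Return a if cond == 1 else b without a data-dependent branch.
    Works for arbitrary-size Python ints, negatives included."""
    mask = -cond             # 0 or -1 (all ones)
    return b ^ ((a ^ b) & mask)


def safegcd_inverse(m, k, bits=256):
    """Inverse of k mod m (m odd, gcd(k, m) == 1, 0 <= k, m < 2**bits) using
    the Bernstein-Yang divstep iteration with a fixed trip count and
    arithmetic selection in place of secret-dependent branches.
    3*bits + 16 is a deliberately generous constant chosen for this example."""
    iterations = 3 * bits + 16
    delta, f, g = 1, m, k
    # Transition matrix T = [[u, v], [q, r]] with the invariant
    #   (f, g) after n steps == T * (m, k) / 2**n   (exactly, over the integers).
    u, v, q, r = 1, 0, 0, 1
    for _ in range(iterations):
        g_odd = g & 1
        swap = g_odd & (delta > 0)
        # Conditionally apply (delta, f, g) <- (-delta, g, -f) and the
        # matching row swap/negation of T.
        delta = _cselect(swap, -delta, delta)
        f, g = _cselect(swap, g, f), _cselect(swap, -f, g)
        u, v, q, r = (_cselect(swap, q, u), _cselect(swap, r, v),
                      _cselect(swap, -u, q), _cselect(swap, -v, r))
        # Unconditional half of divstep: delta += 1, g <- (g + g_odd*f)/2,
        # with the same update applied to the second row of T.
        delta += 1
        g = (g + g_odd * f) >> 1
        q, r = q + g_odd * u, r + g_odd * v
        u, v = u << 1, v << 1
    # After enough steps g == 0 and f in {+1, -1}; the invariant gives
    # u*m + v*k == f * 2**iterations, so v*k == f * 2**iterations (mod m).
    assert f in (1, -1), "inputs were not coprime"
    return (f * v * pow(2, -iterations, m)) % m


if __name__ == "__main__":
    # Constructed sample nonces: the Euclid loop count varies with k,
    # the divstep loop always runs the same 784 iterations.
    for k in (1, 2, 0xDEADBEEF, SECP256K1_N - 1):
        inv, iters = euclid_inverse(SECP256K1_N, k)
        assert inv == safegcd_inverse(SECP256K1_N, k)
        print(f"k={k:#x}: euclid iterations={iters}, safegcd iterations=784")
```

The leak is visible in the printed iteration counts: a nonce of 1 finishes Euclid in a single division while a large nonce needs on the order of a hundred, and the quotient sequence in between depends on k as well. TIMECOP-style checking catches this class of bug by marking k as secret and flagging any branch or memory index that depends on it, which is why the divstep loop above selects with masks rather than `if`.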