> After that, the idea of being constant time gradually disappears.
It does make a come back for combs (considering that fixed point multiplication is used to process secrets). The very last words of the article are "constant time".
> Ironically, (if I recall correctly) EdDSA was seen as an improvement over EcDsa partially because it is easier to avoid timing side-channel attacks.
It is. It's just that EdDSA verification doesn't need to be constant time at all. That's why sliding windows are so useful. Signatures and public key generation do need to be constant time, so I haven't mentioned sliding combs.
It does make a come back for combs (considering that fixed point multiplication is used to process secrets). The very last words of the article are "constant time".
> Ironically, (if I recall correctly) EdDSA was seen as an improvement over EcDsa partially because it is easier to avoid timing side-channel attacks.
It is. It's just that EdDSA verification doesn't need to be constant time at all. That's why sliding windows are so useful. Signatures and public key generation do need to be constant time, so I haven't mentioned sliding combs.