[TimPrice]

Only koblitz curves (secp256k1) seem to be secure?

On a related note, the Bernstein team designed Ed25519 with side channels attacks in mind. https://en.wikipedia.org/wiki/EdDSA#Features

[erichocean]

It would have been nice if the paper had discussed Ed25519. Anyone else know what the status is relative to this (and other, similar) work?

[floodyberry-]

The paper attacks implementations, not algorithms. As far as I know, all of the of the major Ed25519 implementations are side channel protected and safe (no branches on secret data, no array indexing with secret data)