An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library. Fixed In Version libgcrypt 1.7.7 Reference Patches 1.7.x: Ed25519 signing and verification implemented in 1.6.0 with following refactorings.