Side-channel silent modular inverse
Niels Möller
nisse at lysator.liu.se
Fri Dec 27 20:05:51 UTC 2013
Torbjorn Granlund <tg at gmplib.org> writes:

> * mpn_sec_add_1
>
> I'd say use the obvious algorithm: Create vector of n-1 zeros and then
> the input limb arg at index 0, invoke mpn_add_n.

That's good enough, I guess, at the cost of some extra scratch space.

> * mpn_cnd_neg
>
> Create zero vector, invoke mpn_sub_n.

That doesn't make it conditional. And I see no obvious way to do
conditional negation on top of mpn_cnd_sub_n.

Regards,
/Niels

--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
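
The following is an added example, not part of the original message and not GMP code: a self-contained C sketch of the zero-padded-vector approach to a side-channel silent add_1 discussed above, next to a mask-based conditional negation. The names limb_t, add_n, sec_add_1 and cnd_neg are hypothetical stand-ins, 64-bit limbs are assumed, and the masking technique is this example's choice rather than anything built on mpn_cnd_sub_n.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t limb_t;            /* hypothetical stand-in for mp_limb_t */
#define TOP(x) ((limb_t)(x) >> 63)  /* top bit, used as a 0/1 carry */

/* rp = ap + bp over n limbs; returns the carry out. The carry is derived
   with bit operations only, so no branch depends on limb values. */
static limb_t add_n(limb_t *rp, const limb_t *ap, const limb_t *bp, size_t n)
{
    limb_t cy = 0;
    for (size_t i = 0; i < n; i++) {
        limb_t a = ap[i], b = bp[i], s = a + b + cy;
        cy = TOP((a & b) | ((a | b) & ~s));
        rp[i] = s;
    }
    return cy;
}

/* The approach quoted above: scratch = {b, 0, ..., 0}, then a full-length
   add_n, so every limb is processed wherever the carry stops.
   Requires n >= 1 and n limbs of scratch. */
static limb_t sec_add_1(limb_t *rp, const limb_t *ap, size_t n, limb_t b,
                        limb_t *scratch)
{
    scratch[0] = b;
    for (size_t i = 1; i < n; i++)
        scratch[i] = 0;
    return add_n(rp, ap, scratch, n);
}

/* Conditional negation by masking (this example's assumption):
   rp = cnd ? -ap : ap (mod 2^(64n)), computed as (ap ^ mask) + bit. */
static void cnd_neg(limb_t cnd, limb_t *rp, const limb_t *ap, size_t n)
{
    limb_t cy = TOP(cnd | (0 - cnd));   /* 1 if cnd != 0, else 0 */
    limb_t mask = 0 - cy;               /* all ones or all zeros */
    for (size_t i = 0; i < n; i++) {
        limb_t t = ap[i] ^ mask, r = t + cy;
        cy = TOP(t & ~r);               /* carry out of t + cy */
        rp[i] = r;
    }
}

int main(void)
{
    limb_t a[2] = { UINT64_MAX, 5 }, r[2], tmp[2];  /* constructed input */
    limb_t cy = sec_add_1(r, a, 2, 1, tmp);
    cnd_neg(1, a, r, 2);
    printf("sum=%llx:%llx cy=%llu neg=%llx:%llx\n", (unsigned long long)r[1], (unsigned long long)r[0],
           (unsigned long long)cy, (unsigned long long)a[1], (unsigned long long)a[0]);
    return 0;
}
```

Whether the compiled code stays branch-free depends on the compiler and target, so the generated assembly should be inspected before relying on it.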