GMP developers' secure corner

Background to sec and cnd functions

Starting with GMP 5, we provide a public mpz_powm_sec function, supported by a corresponding mpn_sec_powm and mpn_cnd_sub_n (then called mpn_powm_sec and mpn_subcnd_n, respectively).

Starting with GMP 6, we provide a public set of mpn_sec functions.

The purpose for the sec and cnd functions is providing a basic set of side-channel silent function.

The functions never allocate their own scratch memory, since some applications will surely want to allocate "safe" memory.

Suggested list of functions

function visibility status

mpn_sec_powm public OK

mpn_sec_mul public OK

mpn_sec_sqr public OK

mpn_sec_div_qr public OK

mpn_sec_div_r public OK

mpn_sec_pi1_div_qr private? OK

mpn_sec_pi1_div_r private? OK

mpn_sec_add_1 public

mpn_sec_sub_1 public

mpn_cnd_neg public

mpn_cnd_swap public

mpn_sec_minvert public OK

mpn_cnd_add_n public OK

mpn_cnd_sub_n public OK

mpn_sec_tabselect public OK

function	visibility	status
`mpn_sec_powm`	public	OK
`mpn_sec_mul`	public	OK
`mpn_sec_sqr`	public	OK
`mpn_sec_div_qr`	public	OK
`mpn_sec_div_r`	public	OK
`mpn_sec_pi1_div_qr`	private?	OK
`mpn_sec_pi1_div_r`	private?	OK
`mpn_sec_add_1`	public
`mpn_sec_sub_1`	public
`mpn_cnd_neg`	public
`mpn_cnd_swap`	public
`mpn_sec_minvert`	public	OK
`mpn_cnd_add_n`	public	OK
`mpn_cnd_sub_n`	public	OK
`mpn_sec_tabselect`	public	OK