Side-channel silent division
Niels Möller
nisse at lysator.liu.se
Wed Nov 14 10:08:07 CET 2012
Torbjorn Granlund <tg at gmplib.org> writes:
> Any opinions on this approach?
Makes sense to me. I can see some alternative ways to avoid the initial
quotient adjustment (udiv_qrnnd_preinv), but to avoid handling carry out
from the update of the partial remainder, I see no way besides using a
quotient smaller than a full limb.
If we can arrange for a loop which does a full quotient limb, and applies
it using mpn_submul_1 followed by an mpn_add_cnd_n per quotient, would
that be faster or otherwise preferable to your loop with two submul_1
per quotient limb?
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
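
The step asked about in the message above (one mpn_submul_1 followed by one conditional add-back per quotient limb), as an added example that is not part of the original message and not GMP code. submul_1, add_cnd_n and div_step are hypothetical stand-ins using 32-bit limbs, and the candidate quotient is assumed to be exact or one too large.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
typedef uint32_t limb;   /* 32-bit limbs so a limb product fits in uint64_t */

/* rp[0..n-1] -= up[0..n-1] * q; returns the limb still to be borrowed from above. */
static limb submul_1(limb *rp, const limb *up, size_t n, limb q) {
    limb cy = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t p = (uint64_t)up[i] * q + cy;
        uint64_t d = (uint64_t)rp[i] - (limb)p;
        rp[i] = (limb)d;
        cy = (limb)(p >> 32) + (limb)(d >> 63);  /* high product limb + borrow bit */
    }
    return cy;
}

/* rp[0..n-1] += vp[0..n-1] when cnd == 1, unchanged when cnd == 0 (cnd must be
   0 or 1). Same instructions and memory accesses either way. Returns carry out. */
static limb add_cnd_n(limb cnd, limb *rp, const limb *vp, size_t n) {
    limb mask = (limb)0 - cnd;   /* 0 or all ones, no branch on cnd */
    limb cy = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t s = (uint64_t)rp[i] + (vp[i] & mask) + cy;
        rp[i] = (limb)s;
        cy = (limb)(s >> 32);
    }
    return cy;
}

/* One quotient limb. np[0..n] is the partial remainder window, dp[0..n-1] the
   divisor, q a candidate that is exact or one too large (assumption). */
static limb div_step(limb *np, const limb *dp, size_t n, limb q) {
    limb cy = submul_1(np, dp, n, q);
    uint64_t t = (uint64_t)np[n] - cy;
    limb borrow = (limb)(t >> 63);                   /* 1 iff q was one too large */
    np[n] = (limb)t + add_cnd_n(borrow, np, dp, n);  /* masked add-back of divisor */
    return q - borrow;                               /* corrected quotient limb */
}

int main(void) {
    /* Constructed sample: N = 0x12345678 * D + 0x7fffffffdeadbeef */
    limb d[2] = {0x00000001u, 0x80000000u};
    limb np[3] = {0xF0E21567u, 0x7FFFFFFFu, 0x091A2B3Cu};
    limb q = div_step(np, d, 2, 0x12345679u);        /* candidate one too large */
    printf("q=%08x r=%08x%08x top=%08x\n", (unsigned)q, (unsigned)np[1],
           (unsigned)np[0], (unsigned)np[2]);
}
```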