Side-channel silent modular inverse
Torbjorn Granlund
tg at gmplib.org
Fri Dec 27 11:18:28 UTC 2013
bodrato at mail.dm.unipi.it writes:
> On Fri, 27 December 2013 12:53 am, Torbjorn Granlund wrote:
> > I realise that this will be asymptotically slower, in this setting
> > O(n^3) vs O(n^2), but it ought to have a much lower constant factor.
>
> We will introduce a side-channel silent threshold...

Well, we make no claims about not leaking operand *sizes*. We only
claim any two operand pairs of n bits will not appear different through
some side-channel.
Torbjörn