Side-channel silent modular inverse
Niels Möller
nisse at lysator.liu.se
Fri Dec 27 21:15:45 UTC 2013
Torbjorn Granlund <tg at gmplib.org> writes:
> I had neglected the significance of modular inversion for elliptic curve
> arithmetic.
In my implementation, it's needed in two places.
* For ECDSA signatures, the random nonce k is inverted mod q, the ECC group order.
* When converting coordinates back from Jacobian representation to affine representation. Then the z coordinate is inverted mod p.
> My suggestion was just for a reasonably efficient fall-back.
Fair enough.
/nisse
--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
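The two uses named above, worked through as an added example (not code from this thread, GMP or Nettle): a variable-time extended Euclid whose step count depends on the operand, beside a Fermat inverse a^(p-2) mod p whose loop runs over the bits of the public modulus and so has operand-independent control flow; it is then applied to an ECDSA nonce mod q and to a Jacobian-to-affine conversion mod p. The primes and points are constructed test values, and Python's big-int arithmetic is not itself constant time; only the algorithm structure is.

```python
# Added example, not code from the gmp-devel thread or from GMP/Nettle.
# Python big-int ops are not constant time; the point is the control flow.

def egcd_inverse(a, m):
    """Inverse of a mod m by extended Euclid. Also returns the iteration
    count, which depends on the value of a: the side channel to avoid."""
    old_r, r = m, a % m
    old_s, s = 0, 1          # old_s tracks the coefficient of a
    steps = 0
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        steps += 1
    assert old_r == 1, "a is not invertible mod m"
    return old_s % m, steps

def fermat_inverse(a, p):
    """a^(p-2) mod p for prime p. The exponent p-2 is public, so the loop
    shape never depends on the secret a; every iteration does one square
    and one multiply, and a mask (not a branch) keeps or drops the product."""
    exp = p - 2
    base = a % p
    result = 1
    for i in range(p.bit_length() - 1, -1, -1):
        result = (result * result) % p
        prod = (result * base) % p
        mask = -((exp >> i) & 1)            # 0 or all ones
        result = (prod & mask) | (result & ~mask)
    return result

def ecdsa_nonce_inverse(k, q):
    """k^-1 mod the group order q, as used in s = k^-1 (h + r*d) mod q."""
    return fermat_inverse(k, q)

def jacobian_to_affine(X, Y, Z, p):
    """Affine (x, y) = (X / Z^2, Y / Z^3) mod p with a single inversion of Z."""
    zinv = fermat_inverse(Z, p)
    zinv2 = (zinv * zinv) % p
    return (X * zinv2) % p, (Y * zinv2 * zinv) % p
```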