mpn_sec_powm

Niels Möller nisse at lysator.liu.se
Mon Feb 10 21:26:20 UTC 2014


Torbjorn Granlund <tg at gmplib.org> writes:

> let me add that the
> POWM_SEC_TABLE measuring never became robust; two consecutive
> measurements didn't seem to give very similar data.

Maybe one problem is that to make a "fair" comparison between window
sizes k and k+1, the exponent bit size should be divisible by both k and
k+1. Otherwise one or the other will get a disadvantage of a partial
window in the last iteration. (The leaky mpn_powm, with its *sliding*
window, will behave quite differently in this respect).

And together with the measurement sequence generated by

      nbits_next = nbits * 65 / 64;
      nbits = nbits_next + (nbits_next == nbits);

the partial window effect might add some random-looking (although
actually deterministic) noise to the measurements.

Not sure if that kind of noise really should cause hard-to-repeat
results, though.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
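
The partial-window effect described in the message, as an added illustration that is not part of the original post and not GMP's code: it walks the quoted measurement sequence and reports, for window sizes k and k+1, how many bits of the last fixed window are left unused. The helper names, the starting size of 64 bits and k = 4 are assumptions chosen for the example, and the model is simply "fixed k-bit windows, last one possibly partial".

```c
#include <stdio.h>

/* Next exponent size in the measurement sequence quoted in the message. */
static unsigned long next_nbits(unsigned long nbits)
{
    unsigned long nbits_next = nbits * 65 / 64;
    return nbits_next + (nbits_next == nbits);
}

/* Number of fixed k-bit windows needed to cover an nbits-bit exponent. */
static unsigned long windows(unsigned long nbits, unsigned k)
{
    return (nbits + k - 1) / k;
}

/* Unused bits in the last window; 0 means k divides nbits exactly. */
static unsigned long slack(unsigned long nbits, unsigned k)
{
    return windows(nbits, k) * k - nbits;
}

/* How many sizes in [start, limit) on the sequence are "fair" for both
   k and k+1, i.e. neither window size ends on a partial window. */
static unsigned count_fair(unsigned long start, unsigned long limit, unsigned k)
{
    unsigned n = 0;
    for (unsigned long b = start; b < limit; b = next_nbits(b))
        if (slack(b, k) == 0 && slack(b, k + 1) == 0)
            n++;
    return n;
}

int main(void)
{
    const unsigned k = 4;   /* assumed window size, for illustration only */

    printf("nbits  slack(k=%u)  slack(k=%u)\n", k, k + 1);
    for (unsigned long b = 64; b < 128; b = next_nbits(b))
        printf("%5lu  %10lu  %10lu\n", b, slack(b, k), slack(b, k + 1));

    printf("fair sizes for k=%u vs k=%u in [64,128): %u\n",
           k, k + 1, count_fair(64, 128, k));
    return 0;
}
```

The slack columns cycle with different periods for k and k+1, so which window size is penalized changes from one measured size to the next.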

