Side channel silent karatsuba / mpn_addmul_2 karatsuba
Torbjörn Granlund
tg at gmplib.org
Sun Dec 16 15:59:48 UTC 2018
"Marco Bodrato" <bodrato at mail.dm.unipi.it> writes:
Yes, in that case ((g >> 32) + e1h)>>32 will be non-zero, so that the
expression ((g >> 32) + e1h + (e1hc << 32)) will give at most a 33 bit
result. Right?
I don't understand my code that well. :-)
> ulong e1ha =-((a + b) >> 32) & ((c + d) & 0xfffffffful);
> ulong e1hb = ((a + b) & 0xfffffffful) &-((c + d) >> 32);
> ulong e1hc = ((a + b) >> 32) & ((c + d) >> 32);
> ulong e1h = e1ha + e1hb;
when moing from half- to full-word, the carry of e1h will be added to e1hc
Yes, they will be \beta apart.
and here e1hc will get also the carry from (g >> 32) + e1h ... after that
the value of e1hc will not be "negative" any more :-)
I got stuck with that code since there are so many ways of summing
things.
--
Torbjörn
Please encrypt, key id 0xC8601622
More information about the gmp-devel
mailing list