mpn_sec_div_r
Torbjörn Granlund
tg at gmplib.org
Sun Nov 25 21:00:44 UTC 2018
nisse at lysator.liu.se (Niels Möller) writes:

> And there's also a similar table lookup in binvert_limb, used by
> mpn_sec_powm.
I am surprised that I implemented it like that. This needs fixing.
For binvert_limb, doing some logics should get us 4 bits, then just one
more iteration. We could as well define a binvert_limb_sec or
sec_binvert_limb (in C).
For invert_limb, we should write some leak-free C code for generating a
suitable table, I suppose. Unfortunately, not all asm invert_limb's are
the same, and need different tables. So we cannot just drop into them
from that C code.
Perhaps we should simply write a leakage free C invert_limb, and then
add faster entry points to the asm invert_limb as sec_invert_limb. The
latter is no hurry.
--
Torbjörn
Please encrypt, key id 0xC8601622
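As an added example (not code from GMP or from the posters above), here is what a table-free, fixed-iteration-count version of the two operations discussed in the thread could look like in C. The names sec_binvert_limb and sec_invert_limb follow the naming floated in the message; the definitions are the usual GMP ones (binvert_limb: inverse of an odd limb modulo 2^64; invert_limb: floor((B^2-1)/d) - B for a normalized d, B = 2^64). The seed (3n) XOR 2, which is correct to 5 bits for every odd n, and the use of a gcc/clang `unsigned __int128` for the two-limb remainder are my assumptions, not anything the thread specifies.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t limb_t;
typedef unsigned __int128 dlimb_t;   /* assumption: gcc/clang 128-bit type */

/* Inverse of an odd limb n modulo 2^64 without a table lookup.
   The seed (3n) XOR 2 is correct to 5 bits for every odd n (a known
   bit trick, assumed here rather than taken from the thread).  Each
   Newton step x <- x*(2 - n*x) doubles the number of correct low bits:
   5, 10, 20, 40, 80 >= 64.  The step count is fixed, so control flow
   and memory access do not depend on n. */
static limb_t sec_binvert_limb(limb_t n)
{
  limb_t x = (n * 3) ^ 2;
  for (int i = 0; i < 4; i++)
    x *= 2 - n * x;
  return x;
}

/* Reciprocal of a normalized limb d (top bit set): floor((B^2-1)/d) - B.
   Restoring division of the two-limb value (B-1-d):(B-1) by d, one
   quotient bit per step, with the conditional subtraction selected by a
   mask instead of a branch.  Whether the compiler keeps it branch-free
   still has to be checked in the emitted code. */
static limb_t sec_invert_limb(limb_t d)
{
  dlimb_t r = (limb_t) ~d;     /* high limb of the dividend: B-1-d < d */
  limb_t lo = ~(limb_t) 0;     /* low limb of the dividend: B-1 */
  limb_t q = 0;
  for (int i = 63; i >= 0; i--)
    {
      r = (r << 1) | ((lo >> i) & 1);          /* r < 2^65 */
      dlimb_t t = r - d;                       /* bit 127 set iff r < d */
      limb_t borrow = (limb_t) (t >> 127);
      r = t + ((dlimb_t) d & (0 - (dlimb_t) borrow));   /* undo if r < d */
      q = (q << 1) | (borrow ^ 1);
    }
  return q;
}

/* Reference for checking only: uses the compiler's 128-by-64 division,
   which is not constant-time.  Truncation to a limb subtracts B. */
static limb_t ref_invert_limb(limb_t d)
{
  return (limb_t) (~(dlimb_t) 0 / d);
}

/* Returns 1 if every odd n in [lo, hi] inverts correctly and every
   normalized d in [dlo, dhi] matches the reference reciprocal. */
static int selfcheck(limb_t lo, limb_t hi, limb_t dlo, limb_t dhi)
{
  for (limb_t n = lo | 1; n <= hi; n += 2)
    if (n * sec_binvert_limb(n) != 1)
      return 0;
  for (limb_t d = dlo; d <= dhi; d++)
    if (sec_invert_limb(d) != ref_invert_limb(d))
      return 0;
  return 1;
}

int main(void)
{
  limb_t half = (limb_t) 1 << 63;
  printf("selfcheck: %s\n",
         selfcheck(1, 100001, half, half + 100000) ? "ok" : "FAILED");
  return 0;
}
```

The 5-bit seed gives 64 bits in four doublings; the "4 bits of logic, then one more iteration" in the message would instead recover the 8 bits that the current table supplies, after which the existing iterations carry on unchanged. For sec_invert_limb, the point is that the cost is a fixed 64 mask-selected steps, so it is a correctness and leakage baseline rather than a replacement for the tuned asm entry points.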