Fast constant-time gcd computation and modular inversion

[Torbjörn Granlund]

Marco Bodrato <bodrato at mail.dm.unipi.it> writes:

  We should start writing mpn_sec_binvert :-)

I think mpn_binvert is almost sec_ naturally.

The exception is when sbpi1_bdiv_q.or dbpi1_bdiv_q c are invoked.  The
former has some < on data (for carry computations) and the latter has a
mpn_incr_u which is very leaky.

-- 
Torbjörn
Please encrypt, key id 0xC8601622