Performance of modular exponentiation
Torbjörn Granlund
tg at gmplib.org
Mon Dec 7 21:40:33 UTC 2020
Hans Åberg <haberg-1 at telia.com> writes:
> Incidentally, the sliding windows method caused a vulnerability in GnuPG:
I am not surprised. If you understand anything about side channel
leaks, you would not use the sliding window algorithm.
But the naive square-and-multiply algorithm is even worse.
It is a shame that the GnuPG authors forked GMP, despite their apparent
inadequate expertise in arithmetic.
Anyway, here is how to do exponentiation of sensitive data:
https://gmplib.org/~tege/modexp-silent.pdf
But this is perhaps the topic of another thread.
--
Torbjörn
Please encrypt, key id 0xC8601622
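
The contrast drawn in the message above, as an added illustration that is not part of the original post and is not the method from the linked paper: naive square-and-multiply emits an operation sequence that spells out the exponent, while a fixed-window loop with a masked table scan emits the same sequence for every exponent. The names `mulmod`, `powm_naive` and `powm_fixed`, the 32-bit toy operands and the sample exponents are assumptions made for the example; it models only the sequence of operations, since the C `%` operator itself is not constant-time.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy arithmetic: operands stay below 2^32, so products fit in uint64_t. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return a * b % m; }

/* Naive left-to-right square-and-multiply. The trace gets 'S' per squaring
   and 'M' per multiply; 'M' appears only after a 1 bit, so the sequence of
   operations is a direct readout of the exponent. */
uint64_t powm_naive(uint64_t b, uint32_t e, uint64_t m, char *trace) {
    uint64_t r = 1 % m;
    b %= m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m); *trace++ = 'S';
        if ((e >> i) & 1) { r = mulmod(r, b, m); *trace++ = 'M'; }
    }
    *trace = 0;
    return r;
}

/* Fixed 4-bit window: always four squarings and one multiply per window.
   The table entry is picked by a masked scan over all 16 entries, so neither
   branches nor load addresses depend on the exponent. */
uint64_t powm_fixed(uint64_t b, uint32_t e, uint64_t m, char *trace) {
    uint64_t tab[16], r = 1 % m;
    tab[0] = 1 % m; b %= m;
    for (int i = 1; i < 16; i++) tab[i] = mulmod(tab[i - 1], b, m);
    for (int w = 28; w >= 0; w -= 4) {
        for (int k = 0; k < 4; k++) { r = mulmod(r, r, m); *trace++ = 'S'; }
        uint32_t idx = (e >> w) & 15;
        uint64_t sel = 0;
        for (uint32_t i = 0; i < 16; i++) {
            uint64_t mask = 0 - (uint64_t)(((i ^ idx) - 1) >> 31); /* all ones iff i == idx */
            sel |= tab[i] & mask;
        }
        r = mulmod(r, sel, m); *trace++ = 'M';
    }
    *trace = 0;
    return r;
}

int main(void) {
    char t[80];
    uint32_t exps[] = {13, 0xFFFFFFFFu}; /* constructed sample exponents */
    for (int i = 0; i < 2; i++) {
        printf("naive %llu %s\n", (unsigned long long)powm_naive(7, exps[i], 1000, t), t);
        printf("fixed %llu %s\n", (unsigned long long)powm_fixed(7, exps[i], 1000, t), t);
    }
    return 0;
}
```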