Performance of modular exponentiation

Torbjörn Granlund tg at
Mon Dec 7 21:40:33 UTC 2020

Hans Åberg <haberg-1 at> writes:

  Incidentally, the sliding windows method caused a vulnerability in GnuPG:

I am not surprised.  If you understand anything about side channel
leaks, you would not use the sliding window algorithm.

But the naive square-and-multiply algorithm is even worse.

It is a shame that the GnuPG authors forked GMP, despite their apparent
inadequate expertise in arithmetic.

Anyway, here is how to do exponentiation of sensitive data:

But this is perhaps the topic of another thread.

Please encrypt, key id 0xC8601622
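
The following is an added illustration, not part of the original message and not GMP or GnuPG code. It compares the sequence of squarings and multiplications performed by naive square-and-multiply, by sliding window, and by a fixed-window schedule over a public bit length. All function names and values are constructed for the example, and it models only the operation sequence, not real timing.

```python
# Added illustration, constructed toy values. "S" = modular squaring, "M" = modular
# multiplication: the operation sequence a timing, cache or power side channel exposes.

def square_and_multiply(b, e, m):
    """Naive left-to-right binary method: a multiply happens only for 1 bits."""
    r, trace = 1, ""
    for bit in bin(e)[2:]:
        r, trace = r * r % m, trace + "S"
        if bit == "1":
            r, trace = r * b % m, trace + "M"
    return r, trace

def exponent_from_trace(trace):
    """The naive trace determines every exponent bit: "SM" is a 1, a lone "S" is a 0."""
    return int(trace.replace("SM", "1").replace("S", "0"), 2)

def sliding_window(b, e, m, w=3):
    """Sliding window over odd powers: fewer multiplies, but their positions depend on e."""
    b2, odd = b * b % m, {1: b % m}
    for i in range(3, 1 << w, 2):
        odd[i] = odd[i - 2] * b2 % m
    bits, r, trace, i = bin(e)[2:], 1, "", 0
    while i < len(bits):
        j = min(i + w, len(bits)) if bits[i] == "1" else i + 1
        while bits[i] == "1" and bits[j - 1] == "0":  # a window must end in a 1 bit
            j -= 1
        r, trace = pow(r, 1 << (j - i), m), trace + "S" * (j - i)  # j - i squarings
        if bits[i] == "1":
            r, trace = r * odd[int(bits[i:j], 2)] % m, trace + "M"
        i = j
    return r, trace

def fixed_window(b, e, m, nbits, w=3):
    """Fixed windows over a public bit length (e < 2**nbits): always w squarings, one multiply."""
    table = [1]
    for _ in range((1 << w) - 1):
        table.append(table[-1] * b % m)
    r, trace = 1, ""
    for k in reversed(range(-(-nbits // w))):
        digit = (e >> (k * w)) & ((1 << w) - 1)
        # A real implementation must also read table[digit] with an access pattern
        # that does not depend on digit; plain indexing here is for illustration only.
        r = pow(r, 1 << w, m) * table[digit] % m
        trace += "S" * w + "M"
    return r, trace
```

For two exponents of the same bit length, the fixed-window trace is identical, the sliding-window traces differ, and the naive trace encodes the exponent outright.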
