Performance of modular exponentiation
Hans Åberg
haberg-1 at telia.com
Mon Dec 7 21:49:23 UTC 2020
> On 7 Dec 2020, at 22:40, Torbjörn Granlund <tg at gmplib.org> wrote:
>
> Hans Åberg <haberg-1 at telia.com> writes:
>
> Incidentally, the sliding windows method caused a vulnerability in GnuPG:
>
> I am not surprised. If you understand anything about side channel
> leaks, you would not use the sliding window algorithm.
>
> But the naive square-and-multiply algorithm is even worse.
>
> It is a shame that the GnuPG authors forked GMP, despite their apparent
> inadequate expertise in arithmetic.
>
> Anyway, here is how to do exponentiation of sensitive data:
>
> https://gmplib.org/~tege/modexp-silent.pdf
>
> But this is perhaps the topic of another thread.
The GMP manual, 15.4.2, says it is using the sliding window algorithm.
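
An added illustration, not part of the original messages and not GMP's or GnuPG's code, of the leak discussed in this thread: it records the order of squarings (S) and multiplications (M) for the binary method, the sliding window method, and a fixed-window method that multiplies on every digit. The function names, modulus, base and both exponents are constructed for the example, and it models only the operation sequence, not timing or cache behaviour.

```python
MOD = 2**61 - 1            # constructed modulus
BASE = 123456789           # constructed base
E1 = 0b1011001110001111    # two constructed 16-bit exponents
E2 = 0b1111000000000001

def square_and_multiply(base, exp, mod):
    """Binary left-to-right method: a multiply follows every 1 bit."""
    result, trace = 1, ""
    for bit in bin(exp)[2:]:
        result = result * result % mod; trace += "S"
        if bit == "1":
            result = result * base % mod; trace += "M"
    return result, trace

def sliding_window(base, exp, mod, w=4):
    """Windows start and end on a 1 bit; runs of zeros are squarings only."""
    sq, odd = base * base % mod, {1: base % mod}
    for k in range(3, 1 << w, 2):          # odd powers base^3, base^5, ...
        odd[k] = odd[k - 2] * sq % mod
    bits, result, trace, i = bin(exp)[2:], 1, "", 0
    while i < len(bits):
        if bits[i] == "0":
            result = result * result % mod; trace += "S"; i += 1
            continue
        j = min(i + w, len(bits))
        while bits[j - 1] == "0":          # shrink so the window ends in 1
            j -= 1
        for _ in range(j - i):
            result = result * result % mod; trace += "S"
        result = result * odd[int(bits[i:j], 2)] % mod; trace += "M"
        i = j
    return result, trace

def fixed_window(base, exp, mod, w=4):
    """w squarings, then one multiply per digit, even when the digit is 0."""
    table = [1]
    for _ in range((1 << w) - 1):
        table.append(table[-1] * base % mod)
    ndigits = -(-max(exp.bit_length(), 1) // w)   # ceiling division
    result, trace = 1, ""
    for d in reversed(range(ndigits)):
        for _ in range(w):
            result = result * result % mod; trace += "S"
        result = result * table[(exp >> (d * w)) & ((1 << w) - 1)] % mod
        trace += "M"
    return result, trace

if __name__ == "__main__":
    for f in (square_and_multiply, sliding_window, fixed_window):
        print(f.__name__, f(BASE, E1, MOD)[1], f(BASE, E2, MOD)[1])
```

Identical traces are necessary but not sufficient: a real implementation must also hide which table entry is read and use constant-time limb arithmetic, which Python integers do not provide.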