Performance of modular exponentiation
haberg-1 at telia.com
Mon Dec 7 21:49:23 UTC 2020
> On 7 Dec 2020, at 22:40, Torbjörn Granlund <tg at gmplib.org> wrote:
> Hans Åberg <haberg-1 at telia.com> writes:
> Incidentally, the sliding windows method caused a vulnerability in GnuPG:
> I am not surprised. If you understand anything about side channel
> leaks, you would not use the sliding window algorithm.
> But the naive square-and-multiply algorithm is even worse.
> It is a shame that the GnuPG authors forked GMP, despite their apparent
> inadequate expertise in arithmetic.
> Anyway, here is how to do exponentiation of sensitive data:
> But this is perhaps the topic of another thread.
The GMP manual, 15.4.2, says it is using the sliding window algorithm.
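
The point made in the thread about sliding windows and side channels, as an added example (not code from this thread, from GMP or from GnuPG): it records the sequence of squarings (S) and multiplies (M) for a sliding-window exponentiation and for a fixed-window one that reads the whole table under a mask. The names powm_sliding, powm_fixed, mulmod and W are hypothetical, the arithmetic is a 64-bit toy using the GCC/Clang unsigned __int128 extension, and the exponents are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define W 3 /* window width, chosen for the demo */
/* Toy 64-bit modmul standing in for bignum arithmetic. The % is not constant
   time; this example models only the sequence of squarings and multiplies. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (uint64_t)((unsigned __int128)a * b % m);
}

/* Sliding window: a 0 bit costs one squaring and windows start at 1 bits,
   so the S/M sequence written to trace depends on the exponent. */
uint64_t powm_sliding(uint64_t b, uint64_t e, uint64_t m, int bits, char *trace) {
    uint64_t tab[1 << (W - 1)], b2 = mulmod(b, b, m), r = 1 % m;
    tab[0] = b % m; /* tab[k] = b^(2k+1) */
    for (int k = 1; k < (1 << (W - 1)); k++) tab[k] = mulmod(tab[k - 1], b2, m);
    for (int i = bits - 1; i >= 0;) {
        if (!((e >> i) & 1)) { r = mulmod(r, r, m); *trace++ = 'S'; i--; continue; }
        int l = i - W + 1 < 0 ? 0 : i - W + 1;
        while (!((e >> l) & 1)) l++; /* window must end in a 1 bit */
        for (int j = i; j >= l; j--) { r = mulmod(r, r, m); *trace++ = 'S'; }
        r = mulmod(r, tab[((e >> l) & ((1u << (i - l + 1)) - 1)) >> 1], m);
        *trace++ = 'M'; i = l - 1;
    }
    *trace = '\0'; return r;
}

/* Fixed window: always W squarings then one multiply; the table entry is
   picked by reading every entry under a mask, never by a secret index. */
uint64_t powm_fixed(uint64_t b, uint64_t e, uint64_t m, int bits, char *trace) {
    uint64_t tab[1 << W], r = 1 % m;
    tab[0] = 1 % m; /* tab[k] = b^k */
    for (int k = 1; k < (1 << W); k++) tab[k] = mulmod(tab[k - 1], b, m);
    for (int i = (bits + W - 1) / W * W - W; i >= 0; i -= W) {
        for (int j = 0; j < W; j++) { r = mulmod(r, r, m); *trace++ = 'S'; }
        uint64_t idx = (e >> i) & ((1u << W) - 1), sel = 0;
        for (uint64_t k = 0; k < (1u << W); k++)
            sel |= tab[k] & (0 - (uint64_t)(k == idx));
        r = mulmod(r, sel, m); *trace++ = 'M';
    }
    *trace = '\0'; return r;
}

int main(void) { /* constructed exponents: same bit length, different bits */
    char s1[64], s2[64], f1[64], f2[64];
    powm_sliding(3, 0xB5A3, 1000003, 16, s1); powm_sliding(3, 0xF00F, 1000003, 16, s2);
    powm_fixed(3, 0xB5A3, 1000003, 16, f1);   powm_fixed(3, 0xF00F, 1000003, 16, f2);
    printf("sliding: %s vs %s\nfixed:   %s vs %s\n", s1, s2, f1, f2);
    printf("fixed traces identical: %d\n", strcmp(f1, f2) == 0);
}
```

The two sliding-window traces differ while the fixed-window traces are identical, which is the property that matters when the exponent is secret.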