Side channel commentary

author: lloyd <[email protected]> 2015-01-08 13:25:48 +0000
committer: lloyd <[email protected]> 2015-01-08 13:25:48 +0000
commit: 046da982c11170f2d37f9b3acd803a56fe325abd (patch)
tree: f98648a5e871401714e931e3ccc2f93dc3b6a321 /src/lib/math/mp/mp_karat.cpp
parent: 8e92f925bcf6039f405f841219fdf3ff020cabf9 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/src/lib/math/mp/mp_karat.cpp b/src/lib/math/mp/mp_karat.cpp
index 62620f83d..f576ff612 100644
--- a/src/lib/math/mp/mp_karat.cpp
+++ b/src/lib/math/mp/mp_karat.cpp
@@ -48,6 +48,15 @@ void karatsuba_mul(word z[], const word x[], const word y[], size_t N,
 
    clear_mem(workspace, 2*N);
 
+   /*
+   * If either of cmp0 or cmp1 is zero then z0 or z1 resp is zero here,
+   * resulting in a no-op - z0*z1 will be equal to zero so we don't need to do
+   * anything, clear_mem above already set the correct result.
+   *
+   * However we ignore the result of the comparisons and always perform the
+   * subtractions and recursively multiply to avoid the timing channel.
+   */
+
    //if(cmp0 && cmp1)
       {
       if(cmp0 > 0)
@@ -106,6 +115,8 @@ void karatsuba_sqr(word z[], const word x[], size_t N, word workspace[])
 
    clear_mem(workspace, 2*N);
 
+   // See comment in karatsuba_mul
+
    //if(cmp)
       {
       if(cmp > 0)
author	lloyd <[email protected]>	2015-01-08 13:25:48 +0000
committer	lloyd <[email protected]>	2015-01-08 13:25:48 +0000
commit	046da982c11170f2d37f9b3acd803a56fe325abd (patch)
tree	f98648a5e871401714e931e3ccc2f93dc3b6a321 /src/lib/math/mp/mp_karat.cpp
parent	8e92f925bcf6039f405f841219fdf3ff020cabf9 (diff)