path: root/src/lib/math/numbertheory/nistp_redc.cpp
Commit log (each entry: commit message, then author, date, files changed, lines -removed/+added)
* In NIST P-xxx reductions unpoison S before using it (Jack Lloyd, 2018-12-24; 1 file, -8/+10)
  Was already done in P-256 but not in P-{192,224,384}. This is a cache-based side channel which would be good to address. It seems like it would be very difficult to exploit even with perfect recovery, but crazier things have worked.
* Avoid repeated size checks when setting words in NIST reduction (Jack Lloyd, 2018-12-08; 1 file, -25/+33)
  This is a tiny thing but it saves over 100K cycles for P-384 ECDSA.
* Avoid conditional operations in P-521 reduction (Jack Lloyd, 2018-12-01; 1 file, -30/+31)
* Add BigInt::mod_mul (Jack Lloyd, 2018-12-01; 1 file, -3/+3)
* Need to ensure minimum size here (Jack Lloyd, 2018-11-27; 1 file, -0/+1)
  Previously handled by the early exit.
* Optimizations for NIST reduction (Jack Lloyd, 2018-11-26; 1 file, -22/+20)
  Also avoid an early exit in P-521.
* Avoid branching in the NIST prime reduction code (Jack Lloyd, 2018-11-09; 1 file, -48/+10)
  This is still vulnerable to a cache-based side channel since the multiple chosen leaks the final carry.
* Use resize instead of shrink_to_fit (Jack Lloyd, 2018-11-09; 1 file, -3/+3)
  Avoid recalculating significant words which slows down reduction.
* Rename get_uint32_t to get_uint32 (Jack Lloyd, 2018-11-09; 1 file, -67/+67)
* Fix some MSVC warnings (Jack Lloyd, 2018-09-30; 1 file, -1/+1)
* Remove support for 8 or 16 bit BigInt words (Jack Lloyd, 2018-08-15; 1 file, -6/+2)
  It turned out 8 bit was very broken (failed to compile, due to overload problems with functions taking uint8_t vs word). 16 bit words work aside from a test failure, but are really slow. Practically speaking we are not in a position to support 16-bit CPUs very well. And being able to assume sizeof(word) >= sizeof(uint32_t) allows simplifying some code.
* Correct error in P-224 computation (Jack Lloyd, 2018-05-31; 1 file, -2/+3)
  If x was very small to start with, x.size() might be under the limb count, which would cause the final addition to throw because the destination array was smaller than the P-224 p being added. Caught by Wycheproof ECDSA tests.
* Add early exit for P-192 reduce (Jack Lloyd, 2018-04-18; 1 file, -0/+5)
* Remove now unused function (Jack Lloyd, 2018-04-18; 1 file, -19/+0)
* Optimize P-224 reduction (Jack Lloyd, 2018-04-18; 1 file, -47/+77)
  5-7% faster ECDSA.
* Further NIST reduction tweaks (Jack Lloyd, 2018-04-18; 1 file, -40/+44)
* P-192 optimizations (Jack Lloyd, 2018-04-18; 1 file, -34/+64)
  5-7% faster for ECDSA and ECDH.
* Micro optimizations in P-256 and P-384 reductions (Jack Lloyd, 2018-04-18; 1 file, -30/+73)
  Improves ECDSA and ECDH by 1% or so.
* Minor optimizations for P-256 and P-384 (Jack Lloyd, 2018-04-17; 1 file, -161/+65)
  Improves ECDSA by ~5% on Skylake.
* Remove use of ;; to end lines (Jack Lloyd, 2018-03-19; 1 file, -1/+1)
* Remove MP_WORD_BITS constant (Jack Lloyd, 2018-03-01; 1 file, -2/+2)
  Use the BOTAN_MP_WORD_BITS consistently.
* Correct error in P-521 reduction (Jack Lloyd, 2018-03-01; 1 file, -6/+25)
  Introduced in c95b3967bf421, we failed to reduce if the result was exactly 2**521 - 1.
  OSS-Fuzz 6635
* Optimize P-521 reduction (Jack Lloyd, 2018-02-28; 1 file, -1/+17)
  ECDSA/ECDH both about 25% faster.
* Optimize P-256 and P-384 reduction (Jack Lloyd, 2018-02-26; 1 file, -29/+84)
  Precompute the multiples of the prime and then subtract directly.
* Merge ec_gfp and ec_group modules (Jack Lloyd, 2018-02-25; 1 file, -0/+535)
  They were already somewhat entangled and future work will increase that (eg by having PointGFp hold a pointer to EC_Group).