tweetnacl-js

Faster signatures

Open dchest opened this issue 7 years ago • 1 comments

Use plain arrays instead of Float64Array.

dchest, Nov 11 '17 20:11

This potentially breaks constant timing. Arrays created by gf must be able to contain at least 44 bits, which is why Float64Array is used (JavaScript numbers, which are double/float64, can represent 2^53-bit integers). If we change it to Array, V8 will initially assume that these are 32-bit integers, which is why it performs faster. However, if multiplication pushes the number out of 32-bit range, V8 will have to convert the array to another representation, capable of representing more than 32-bit numbers (I assume, to doubles), thus producing a timing variation which depends on the number, which is secret data (in the case of dh and signing, but not verifying).

This is just a theory, but it explains why I'm hesitant to merge this PR. I'd really like to do it, since it brings a great improvement in performance. Perhaps someone more familiar with the internals of JavaScript VMs can take a look?

dchest, Mar 05 '18 18:03
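An added illustration of the concern raised in the comment above; it is not code from the thread or from tweetnacl-js. It accumulates a schoolbook limb product in a plain Array and counts how many writes leave the signed 32-bit range, showing that the count depends on the operand values. The 16-limb, 16-bit layout, the `mulProfile` name and the sample inputs are assumptions made for the example, and only the product accumulation step is modelled.

```javascript
// Added example, not tweetnacl-js code. Assumed layout: 16 limbs of 16 bits.
// The int32 threshold follows the comment's description of what V8 assumes
// for a plain Array at first; it is not measured from the engine here.
const LIMBS = 16;
const INT32_MAX = 2 ** 31 - 1;

// Schoolbook product of two limb arrays, accumulated in a plain Array.
// Returns the number of accumulator writes that left the signed 32-bit
// range, the largest value stored, and the bits needed to hold it.
function mulProfile(a, b) {
  const t = new Array(2 * LIMBS - 1).fill(0);
  let outOfInt32 = 0;
  let max = 0;
  for (let i = 0; i < LIMBS; i++) {
    for (let j = 0; j < LIMBS; j++) {
      t[i + j] += a[i] * b[j];
      if (t[i + j] > INT32_MAX) outOfInt32++;
      if (t[i + j] > max) max = t[i + j];
    }
  }
  let bits = 0;
  while (2 ** bits <= max) bits++;
  return { outOfInt32, max, bits };
}

// Constructed operands: every limb set to the same value.
function demo() {
  const limbs = (v) => new Array(LIMBS).fill(v);
  return {
    small: mulProfile(limbs(1), limbs(1)),           // stays in int32 range
    mid: mulProfile(limbs(0x4000), limbs(0x4000)),   // leaves it part-way
    large: mulProfile(limbs(0xffff), limbs(0xffff)), // leaves it at once
  };
}

console.log(demo());
```

If a representation change is triggered by such writes, the point at which it happens differs between the three operands, which is the value-dependent behaviour the comment is worried about for secret inputs.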