
Please implement constant time montgomery multiplication

Open bastien-roucaries opened this issue 8 years ago • 4 comments

Could you please implement this kind of mult: https://github.com/libressl-portable/openbsd/blob/57dcd4329d83bff3dd67a293d5c4a53b795c587e/src/lib/libcrypto/bn/bn_exp.c#L641-L646

It will be useful for https://github.com/crypto-browserify/diffie-hellman/issues/22

bastien-roucaries avatar Aug 21 '17 13:08 bastien-roucaries

I wonder how much safety this would actually provide given the interpreted/JITed nature of Javascript?

axic avatar Nov 29 '17 22:11 axic

This is not obvious, but it might be worth exploration.

indutny avatar Nov 30 '17 02:11 indutny

Keep open as debt or close? Someone can always open a PR if necessary.

dcousens avatar Jun 06 '18 05:06 dcousens

For anyone trying to look at this later, the problem in redPow that debian noted is the bit === 0 && current === 0 stuff as it performs differential treatment of different bits, skipping through consecutive zeros and allowing some classic DH timing stuff to happen. The rest looks mostly fine: mul is linear to input size; add / sub is trying to be clever but not too much.

It should be possible to just add a flag to disable the check. Someone will have to bench it and see if there is any difference though.

Artoria2e5 avatar Oct 28 '19 05:10 Artoria2e5
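As an added illustration of the point in the last comment (this is example code, not bn.js's `redPow` or anything from this thread), the block below puts a square-and-multiply whose work depends on the exponent bits next to a Montgomery ladder that performs the same fixed schedule of squarings and multiplications for every exponent of a given bit length. The ladder is an exponentiation structure, not the Montgomery multiplication the issue asks for; it is shown here only because it removes the bit-dependent branch. Function names (`modPowBranchy`, `modPowLadder`, `cswap`, `ladderCountsUniform`), the `bits` parameter and the sample values are all constructed for this example. Operation counts are returned so the difference can be checked without timing anything; as axic notes above, JavaScript BigInt arithmetic is itself not constant-time, so this demonstrates branch structure, not a timing guarantee.

```javascript
// Added example (not bn.js code): a bit-dependent square-and-multiply versus
// a Montgomery ladder with a fixed operation schedule. Operation counts are
// returned so the difference is measurable without wall-clock timing.

function bitLength(n) {
  return n === 0n ? 0 : n.toString(2).length;
}

// Branchy variant: squares on every bit but multiplies only on set bits, so
// the multiply count (and runtime) tracks the exponent's Hamming weight. This
// is the class of data-dependent behaviour the comment above describes.
function modPowBranchy(base, exp, mod) {
  let result = 1n;
  const ops = { square: 0, multiply: 0 };
  for (let i = bitLength(exp) - 1; i >= 0; i--) {
    result = (result * result) % mod;
    ops.square++;
    if (((exp >> BigInt(i)) & 1n) === 1n) {
      result = (result * base) % mod;
      ops.multiply++;
    }
  }
  return { result, ops };
}

// Arithmetic conditional swap: `bit` is 0n or 1n. BigInt bitwise ops use
// two's-complement semantics, so -1n is an all-ones mask and (x ^ y) & -bit
// is either 0n or x ^ y. No branch is taken on the bit value.
function cswap(bit, x, y) {
  const t = (x ^ y) & -bit;
  return [x ^ t, y ^ t];
}

// Montgomery ladder: exactly one squaring and one multiplication per
// iteration, for `bits` iterations regardless of the exponent's actual
// length. The caller passes `bits` (e.g. the modulus size, an assumption
// of this example) so the loop count is fixed as well.
function modPowLadder(base, exp, mod, bits) {
  let r0 = 1n;
  let r1 = base % mod;
  const ops = { square: 0, multiply: 0 };
  for (let i = bits - 1; i >= 0; i--) {
    const bit = (exp >> BigInt(i)) & 1n;
    [r0, r1] = cswap(bit, r0, r1);
    r1 = (r0 * r1) % mod;
    ops.multiply++;
    r0 = (r0 * r0) % mod;
    ops.square++;
    [r0, r1] = cswap(bit, r0, r1);
  }
  return { result: r0, ops };
}

// Runs the ladder over several exponents and reports whether every run did
// the same number of operations, which a constant-time schedule requires.
function ladderCountsUniform(base, mod, bits, exponents) {
  const counts = exponents.map((e) => modPowLadder(base, e, mod, bits).ops);
  return counts.every(
    (c) => c.square === counts[0].square && c.multiply === counts[0].multiply
  );
}

// Constructed sample values, small enough to check by hand.
const sampleBase = 7n;
const sampleMod = 101n;
for (const exp of [1n, 22n, 255n]) {
  const b = modPowBranchy(sampleBase, exp, sampleMod);
  const l = modPowLadder(sampleBase, exp, sampleMod, 8);
  console.log(
    `exp=${exp}: branchy ${JSON.stringify(b.ops)} -> ${b.result}; ` +
      `ladder ${JSON.stringify(l.ops)} -> ${l.result}`
  );
}
```

Run with `node`: for exponents 1, 22 and 255 the branchy version reports 1, 3 and 8 multiplications (its square count also varies with the exponent length), while the ladder reports 8 squarings and 8 multiplications every time and returns the same results. Making the loop bound a fixed `bits` rather than `bitLength(exp)` matters as much as the swap, since otherwise the iteration count leaks the exponent's length.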