Thomas Pornin

Results: 11 comments by Thomas Pornin

About window sizes: there are several parameters in play, not all of which apply to the present case; notably, my default implementations strive to work on very small systems, and...

There is a constant-time modular inversion (in fact, modular division, which is more generic) in BearSSL: https://www.bearssl.org/gitweb/?p=BearSSL;a=blob;f=src/int/i31_moddiv.c;h=9950591197674419d97f545a224a9503eda4a955;hb=420f50c213231244c8659d2e35cecb396a250ecc As with the rest of the modular integer code in BearSSL, it's "internal",...

Hello, the tricky point is that elliptic curves can be used by the server for two distinct purposes: for the key exchange (the "ECDHE" part), and for validating signatures (ECDSA)....

0x93805AC5242A8C68F3F1D132595A0F99E237502209ED8FF4A75B7AAE72E181B0 and 0x13805AC5242A8C68F3F1D132595A0F99E237502209ED8FF4A75B7AAE72E181C3 are actually equal modulo p; they represent the same value (and this is the correct result). In my code, field elements are represented as integers in the...
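The point made in the comment above is that two different 256-bit encodings can denote the same field element, so comparing raw encodings is not a test of equality in the field. The following is an added example, not code from the comment or from BearSSL: it checks the two quoted values and shows why a comparison has to reduce to canonical form first. The prime is not named on the page; the two values differ by exactly 2^255 - 19, so the example assumes p = 2^255 - 19 (the Curve25519 field). The function names are the example's own.

```python
# Added example (not from the original comment or from BearSSL).
# The two integers are the ones quoted in the comment. They differ by exactly
# 2^255 - 19, so p = 2^255 - 19 is assumed here; the page itself does not name p.

P = 2**255 - 19

A = 0x93805AC5242A8C68F3F1D132595A0F99E237502209ED8FF4A75B7AAE72E181B0
B = 0x13805AC5242A8C68F3F1D132595A0F99E237502209ED8FF4A75B7AAE72E181C3


def canonical(x: int) -> int:
    """Fully reduce x into the canonical range [0, p)."""
    return x % P


def same_field_element(x: int, y: int) -> bool:
    """True when x and y denote the same element of GF(p), whatever
    (possibly non-reduced) 256-bit representative each one uses."""
    return canonical(x) == canonical(y)


def naive_equal(x: int, y: int) -> bool:
    """Compares the raw encodings. Wrong for field elements: it reports
    'different' for two representatives of the same value."""
    return x == y


def ct_eq_256(x: int, y: int) -> int:
    """Branch-free equality of two canonical 256-bit values, returning 1 or 0.

    This mirrors the mask-based pattern used in C constant-time code; Python
    integers are not themselves constant-time, so only the structure carries
    over. Inputs must already be canonical, otherwise equal field elements
    compare as unequal (see the assertions in the usage below).
    """
    d = (x ^ y) & ((1 << 256) - 1)
    # For d in [1, 2^256), bit 255 of (d | (2^256 - d)) is set; for d == 0 it is not.
    ne = ((d | ((1 << 256) - d)) >> 255) & 1
    return 1 - ne


def representative_offset(x: int, y: int) -> int:
    """How many multiples of p separate the two encodings (0 if identical)."""
    return (x - y) // P


if __name__ == "__main__":
    print("A - B == p:", A - B == P)
    print("same field element:", same_field_element(A, B))
    print("naive comparison:", naive_equal(A, B))
    print("ct compare on raw encodings:", ct_eq_256(A, B))
    print("ct compare after reduction:", ct_eq_256(canonical(A), canonical(B)))
```

Here B is already canonical (it is below p) and A is B + p, a valid but non-reduced representative. An implementation that keeps field elements in a partially reduced form, as many constant-time libraries do for speed, must run a final reduction before comparing or encoding a value; the branch-free comparison itself is only correct on canonical inputs.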

If you start with input 2^254, then the algorithm will first halve that value 254 times, and when it reaches 1, a swap will occur, putting in a the value...

I have three comments on that one: - There are two notions of bit length that can apply here: one is the bit length of the type (i.e. the maximum...

From my point of view, the code that is in CTTK is about as ready as it can be. It has comments and tests; there is nothing much to add...

Right now there is no support for modular integers in CTTK. I do have code for that; it is in BearSSL: https://www.bearssl.org/ (specifically in the src/int/ directory). Importing that code...

Apparently, Mono includes its own DNS resolver, and does funky things about it to speed up some cases of parallel name resolutions. A downside is that, in some cases, it...