author | MITSUNARI Shigeo <herumi@nifty.com> | 2017-03-28 04:46:15 +0800 |
---|---|---|
committer | MITSUNARI Shigeo <herumi@nifty.com> | 2017-03-28 04:46:15 +0800 |
commit | 624259deea0c52c54626ac3821c2c47d3e74c599 (patch) | |
tree | 16970b9857fc38da6b193a94e8facdd556b215cd | |
parent | 682c294ffae563177daf2b18cfcc7c65ac558d94 (diff) | |
constTime version of GLV for G1
-rw-r--r-- | include/mcl/bn.hpp | 28 | ||||
-rw-r--r-- | include/mcl/ec.hpp | 2 |
2 files changed, 20 insertions, 10 deletions
diff --git a/include/mcl/bn.hpp b/include/mcl/bn.hpp
index aba9be4..25305b4 100644
--- a/include/mcl/bn.hpp
+++ b/include/mcl/bn.hpp
@@ -255,7 +255,7 @@ struct GLV {
 a += b;
 b = t - b;
 }
- void mul(G1& Q, G1 P, mpz_class x) const
+ void mul(G1& Q, G1 P, mpz_class x, bool constTime = false) const
 {
 x %= r;
 if (x == 0) {
@@ -324,14 +324,25 @@ struct GLV {
 tbl[2] = P; tbl[2].normalize();
 tbl[3] = A + P; tbl[3].normalize();
 Q.clear();
- for (int i = (int)n - 1; i >= 0; i--) {
- G1::dbl(Q, Q);
- bool ai = mcl::gmp::testBit(a, i);
- bool bi = mcl::gmp::testBit(b, i);
- unsigned int c = bi * 2 + ai;
- if (c > 0) {
+ if (constTime) {
+ tbl[0] = tbl[1];
+ for (int i = (int)n - 1; i >= 0; i--) {
+ G1::dbl(Q, Q);
+ bool ai = mcl::gmp::testBit(a, i);
+ bool bi = mcl::gmp::testBit(b, i);
+ unsigned int c = bi * 2 + ai;
 Q += tbl[c];
 }
+ } else {
+ for (int i = (int)n - 1; i >= 0; i--) {
+ G1::dbl(Q, Q);
+ bool ai = mcl::gmp::testBit(a, i);
+ bool bi = mcl::gmp::testBit(b, i);
+ unsigned int c = bi * 2 + ai;
+ if (c > 0) {
+ Q += tbl[c];
+ }
+ }
 }
 #endif
 #else
@@ -476,11 +487,10 @@ struct BNT {
 static Param param;
 static void mulArrayGLV(G1& z, const G1& x, const mcl::fp::Unit *y, size_t yn, bool isNegative, bool constTime)
 {
- (void)constTime;
 mpz_class s;
 mcl::gmp::setArray(s, y, yn);
 if (isNegative) s = -s;
- param.glv.mul(z, x, s);
+ param.glv.mul(z, x, s, constTime);
 }
 static void init(const mcl::bn::CurveParam& cp = CurveFp254BNb, fp::Mode mode = fp::FP_AUTO)
 {
diff --git a/include/mcl/ec.hpp b/include/mcl/ec.hpp
index f1c2e90..40bbe61 100644
--- a/include/mcl/ec.hpp
+++ b/include/mcl/ec.hpp
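Review bot: The new `constTime` parameter on `mul` is undocumented, and the context lines right after the signature show `x %= r` and an early return on `x == 0` executing on an `mpz_class` before anything branches on the flag, so the flag presumably covers only the later doubling-and-add loop, not the GMP reduction and split (general-purpose mpz arithmetic is not normally constant-time). The signature should say what the flag does and does not promise, e.g. `// constTime: make the scalar loop data-independent; the mpz reduction/split and the x == 0 early return are not covered`. The body of `mul` continues outside the hunk.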
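Review bot: With `tbl[0] = tbl[1];` the constant-time branch adds `tbl[1]` to `Q` on every iteration where `c == 0`, while the non-constant-time branch below skips the addition for `c == 0`, so the two branches compute different points unless `tbl[1]` is the identity, and from the surrounding table setup (`tbl[2] = P`, `tbl[3] = A + P`) it looks like the `c == 1` entry rather than the identity. The dummy entry should be the neutral element, `tbl[0].clear();`, so that `Q += tbl[0]` leaves `Q` unchanged. Even then the timing property rests on `G1::operator+=` not special-casing the identity, which cannot be seen here; if it does, the usual approach is to perform the addition into a scratch point of the same type when `c == 0` so that the same work is done on every iteration. The assignment of `tbl[1]` and the definition of `n` lie outside the hunk.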
@@ -770,7 +770,7 @@ public:
 bool operator<=(const EcT& rhs) const { return !operator>(rhs); }
 static inline void mulArray(EcT& z, const EcT& x, const fp::Unit *y, size_t yn, bool isNegative, bool constTime = false)
 {
- if (!constTime && mulArrayGLV && yn * 2 > Fp::BaseFp::getOp().N) {
+ if (mulArrayGLV && yn * 2 > Fp::BaseFp::getOp().N) {
 mulArrayGLV(z, x, y, yn, isNegative, constTime);
 return;
 }
|
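Review bot: Dropping `!constTime &&` means constant-time calls are now dispatched to `mulArrayGLV` or to the fallback depending on `yn * 2 > Fp::BaseFp::getOp().N`, so the algorithm chosen depends on the scalar's limb count; a caller that passes a trimmed `yn` would reveal the scalar's size class through which path runs. That contract should be stated on `mulArray`, e.g. `// constTime callers must pass a fixed yn: the GLV dispatch below depends on it`. Whether `mulArrayGLV` itself honours `constTime` is decided in bn.hpp, not here. The body of `mulArray` continues outside the hunk.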