RFR: 8295010: Reduce if required in EC limbs operations [v5]
Xue-Lei Andrew Fan
xuelei at openjdk.org
Tue Nov 22 16:23:36 UTC 2022
On Tue, 22 Nov 2022 08:58:16 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
> Now that `reduce` is called as needed, how do we guarantee that `ECOperations.multiply` will remain constant-time, i.e. call `reduce` a fixed number of times regardless of the input?
As the reducing operation is depends on the numbers of adds (not the number bits), the operation is depends on the formulas, rather than the sensitive information. For a EC curve, the use of reducing operation is determined, just as what it was used in the ECOperations. For example, if a curve for sum operation needs to call reduce at the 3rd product and 5th addition, the operations will always called at that steps. If I am right, the reduce operation is still called a fixed number of times.
-------------
PR: https://git.openjdk.org/jdk/pull/10624
More information about the security-dev
mailing list