RFR: 8295010: Reduce if required in EC limbs operations [v5]

Xue-Lei Andrew Fan xuelei at openjdk.org
Tue Nov 22 16:23:36 UTC 2022


On Tue, 22 Nov 2022 08:58:16 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:

> Now that `reduce` is called as needed, how do we guarantee that `ECOperations.multiply` will remain constant-time, i.e. call `reduce` a fixed number of times regardless of the input?

As the reducing operation is depends on the numbers of adds (not the number bits), the operation is depends on the formulas, rather than the sensitive information.  For a EC curve, the use of reducing operation is determined, just as what it was used  in the ECOperations.  For example, if a curve for sum operation needs to call reduce at the 3rd product and 5th addition, the operations will always called at that steps.  If I am right, the reduce operation is still called a fixed number of times.

-------------

PR: https://git.openjdk.org/jdk/pull/10624



More information about the security-dev mailing list