frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make secp256k1_scalar_add_bit conditional; make secp256k1_scalar_split_lambda_var constant time

Browse Source 
This has the effect of making `secp256k1_scalar_mul_shift_var` constant
time in both input scalars. Keep the _var name because it is NOT constant
time in the shift amount.

As used in `secp256k1_scalar_split_lambda_var`, the shift is always
the constant 272, so this function becomes constant time, and it
loses the `_var` suffix.
This commit is contained in:
Andrew Poelstra
2015-05-22 11:51:51 -05:00
parent 91c0ce95ca
commit ed35d43a0c
7 changed files with 18 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/bench_internal.c
View File

@@ -98,7 +98,7 @@ void bench_scalar_split(void* arg) {
for (i = 0; i < 20000; i++) {
secp256k1_scalar_t l, r;
secp256k1_scalar_split_lambda_var(&l, &r, &data->scalar_x);
secp256k1_scalar_split_lambda(&l, &r, &data->scalar_x);
secp256k1_scalar_add(&data->scalar_x, &data->scalar_x, &data->scalar_y);
}
}