Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Variable-time modular inversion support #731

Merged
merged 2 commits into from
Jan 10, 2025
Merged

Variable-time modular inversion support #731

merged 2 commits into from
Jan 10, 2025
+186 −8

Conversation

tarcieri
Copy link
Member

@tarcieri tarcieri commented Jan 9, 2025

Adds (back) support for computing modular inversions in variable-time with respect to the value being inverted, which computes the specific number of safegcd divsteps to perform based on the input, as opposed to using a worst case number based on the bit length.

Closes #728

@tarcieri
[WIP] Variable-time modular inversion support
3de5b48 
Adds (back) support for computing modular inversions in variable-time
with respect to the value being inverted, which computes the specific
number of safegcd divsteps to perform based on the input, as opposed to
using a worst case number based on the bit length.

Closes #728
@tarcieri tarcieri requested a review from fjarri January 9, 2025 17:52
@tarcieri tarcieri mentioned this pull request Jan 9, 2025
Closed
@tarcieri
Copy link
Member Author

tarcieri commented Jan 9, 2025

This is unfortunately quite a bit of boilerplate. I'm not sure if there's any refactoring we could do to potentially reduce it. Abstracting against the boxed and const fn-capable unboxed versions is quite difficult.

@tarcieri
Copy link
Member Author

tarcieri commented Jan 9, 2025
edited
Loading

Note: wanted to add some equivalence tests between the two versions prior to merging

Edit: added, removing WIP/draft

@tarcieri tarcieri changed the title [WIP] Variable-time modular inversion support Variable-time modular inversion support Jan 9, 2025
@tarcieri tarcieri marked this pull request as ready for review January 9, 2025 19:13
@tarcieri
Copy link
Member Author

tarcieri commented Jan 9, 2025
edited
Loading

It seems like for each of ConstMontyForm, MontyForm, and BoxedMontyForm it might be possible to DRY out gcd/gcd_vartime/inv(ert)/inv(ert)_vartime with some conversion helpers that all four could call (though they would be slightly different for each form).

Edit: made a little progress locally trying to DRY things out this way, but I think I'd rather save that work for a followup commit to make this one easier to review.

@tarcieri tarcieri merged commit 682f17a into master Jan 10, 2025
18 checks passed
@tarcieri tarcieri deleted the invert_vartime branch January 10, 2025 15:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fjarri fjarri Awaiting requested review from fjarri

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add an invert_vartime method to ConstMontyForm
1 participant
@tarcieri