[Cryptech Core] modexp optimization plans

Joachim Strömbergson joachim at secworks.se
Mon Jun 22 12:48:01 UTC 2015


Aloha!

Peter Stuge wrote:
> 4194304 / 65536 = factor 64 doesn't seem huge to me. Typo?

64 is a huge increase in performance. It is the difference in number of
operations, not cycles.


> Different size moduli still have different number of words. I think 
> completely data-independent constant-time execution is highly
> desirable.

Are you suggesting that all operations should fake a max size modulus
(8192) and always do that many operations? Jakob can probably answer,
but I would find that solution to be very uncommon even in $$$$ and
certified HSMs.


>> One could further optimize to find the MSB one of the exponent and
>> set the size to that. And then you could end up with data
>> dependent execution time.
> 
> It seems that this is already the case?

No, not at all.

-- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
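
Added example, not part of the original message and not Cryptech code: a Python model that counts modular multiplications when the exponent loop length is fixed by the operand size versus trimmed to the exponent's most significant set bit, the optimization the thread says would make execution time data dependent. The function names, the sample values, and the choice of the modulus bit length as the fixed size are assumptions made for illustration.

```python
# Added example: operation-count model, not Cryptech code.
# Python big-int arithmetic is not constant-time; only the loop length is modelled.

def ladder(base, exponent, modulus, nbits):
    """Montgomery ladder over exactly nbits exponent bits.

    Returns (result, modmul_count). Each iteration performs one multiply and
    one square whatever the bit value, so the count depends only on nbits.
    """
    if exponent < 0 or exponent >> nbits:
        raise ValueError("exponent does not fit in nbits")
    r0, r1 = 1 % modulus, base % modulus
    ops = 0
    for i in reversed(range(nbits)):
        if (exponent >> i) & 1:
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r0, r1 = (r0 * r0) % modulus, (r0 * r1) % modulus
        ops += 2
    return r0, ops

def fixed_length(base, exponent, modulus):
    # Assumption: loop length comes from the (public) modulus size.
    return ladder(base, exponent, modulus, modulus.bit_length())

def msb_trimmed(base, exponent, modulus):
    # Loop length comes from the exponent's top set bit, a secret-dependent value.
    return ladder(base, exponent, modulus, max(exponent.bit_length(), 1))

# Constructed sample values, not taken from the thread.
MODULUS = (1 << 127) - 1
BASE = 0xC0FFEE
EXPONENTS = {"top bit 126": (1 << 126) | 0x1234567,
             "top bit 100": (1 << 100) | 0x1234567}

def compare():
    """Return {label: (fixed_ops, trimmed_ops)}; results are checked against pow()."""
    table = {}
    for label, e in EXPONENTS.items():
        r_fixed, n_fixed = fixed_length(BASE, e, MODULUS)
        r_trim, n_trim = msb_trimmed(BASE, e, MODULUS)
        assert r_fixed == r_trim == pow(BASE, e, MODULUS)
        table[label] = (n_fixed, n_trim)
    return table

if __name__ == "__main__":
    for label, (n_fixed, n_trim) in compare().items():
        print(f"{label}: fixed={n_fixed} modmuls, trimmed={n_trim} modmuls")
```

In the fixed-length variant the count still changes with the modulus size, but not with the value of the exponent.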