
Variable-time modular inversion support#731

Merged: tarcieri merged 2 commits into master from invert_vartime on Jan 10, 2025
Conversation

@tarcieri tarcieri commented Jan 9, 2025

Member

Adds (back) support for computing modular inversions in variable-time with respect to the value being inverted, which computes the specific number of safegcd divsteps to perform based on the input, as opposed to using a worst case number based on the bit length.

Closes #728
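The PR description contrasts a worst-case divstep count derived from the bit length with a count that depends on the value being inverted. The following scalar toy, added here and not code from crypto-bigint, makes that difference concrete: both flavours share one Bernstein-Yang divstep loop, but `invert_ct` always runs the fixed worst-case number of divsteps for 64-bit inputs while `invert_vartime` stops as soon as the iteration converges (`g == 0`) and reports how many divsteps it actually took. It assumes an odd modulus that fits in `u64` and does its arithmetic in `i128`; the iteration bound is the (49d + 80)/17 figure from the Bernstein-Yang analysis, rounded up.

```rust
// Added example (not crypto-bigint code): a scalar toy showing the PR's
// distinction between an inversion that always runs the worst-case number
// of safegcd divsteps for the type's bit length and a variable-time one
// that stops as soon as the divstep sequence has converged (g == 0).
// Assumes an odd modulus `m` that fits in u64; arithmetic is done in i128.

const BITS: usize = 64;

/// Worst-case divstep count for inputs below 2^64. The Bernstein-Yang analysis
/// shows (49*d + 80)/17 divsteps suffice for d-bit inputs; rounded up here.
pub const WORST_CASE_DIVSTEPS: usize = (49 * BITS + 80 + 16) / 17; // 190

/// One divstep on (delta, f, g), with the matching update of (d, e), which
/// track the invariants f ≡ d*a (mod m) and g ≡ e*a (mod m).
fn divstep(delta: i128, f: i128, g: i128, d: i128, e: i128, m: i128) -> (i128, i128, i128, i128, i128) {
    // Halving modulo an odd m: even x -> x/2, odd x -> (x + m)/2, both exact.
    let half = |x: i128| if x & 1 == 0 { x / 2 } else { (x + m) / 2 };
    if delta > 0 && g & 1 == 1 {
        // (g - f) is even, so the arithmetic shift is an exact division by 2.
        (1 - delta, g, (g - f) >> 1, e, half((e - d).rem_euclid(m)))
    } else if g & 1 == 1 {
        (1 + delta, f, (g + f) >> 1, d, half((e + d).rem_euclid(m)))
    } else {
        (1 + delta, f, g >> 1, d, half(e))
    }
}

/// Shared driver. `stop(steps_so_far, g)` decides when to halt; returns the
/// inverse of `a` mod `m` (None if it does not exist) and the divsteps run.
fn invert_with(a: u64, m: u64, mut stop: impl FnMut(usize, i128) -> bool) -> (Option<u64>, usize) {
    if m & 1 == 0 {
        return (None, 0); // safegcd needs an odd f, i.e. an odd modulus
    }
    let m = m as i128;
    let (mut delta, mut f, mut g, mut d, mut e) = (1i128, m, (a as i128) % m, 0i128, 1i128);
    let mut steps = 0;
    while !stop(steps, g) {
        (delta, f, g, d, e) = divstep(delta, f, g, d, e, m);
        steps += 1;
    }
    // Once g reaches 0 (and it stays there under further divsteps), f = ±gcd(a, m).
    // An inverse exists only for gcd 1; then d*a ≡ f, so the inverse is d or -d mod m.
    let inv = match f {
        1 => Some(d as u64),
        -1 => Some((m - d).rem_euclid(m) as u64),
        _ => None,
    };
    (inv, steps)
}

/// Constant-time shape: always exactly WORST_CASE_DIVSTEPS divsteps, whatever `a` is.
pub fn invert_ct(a: u64, m: u64) -> (Option<u64>, usize) {
    invert_with(a, m, |steps, _| steps == WORST_CASE_DIVSTEPS)
}

/// Variable-time: stops the moment g == 0, so the step count depends on `a`.
pub fn invert_vartime(a: u64, m: u64) -> (Option<u64>, usize) {
    invert_with(a, m, |_, g| g == 0)
}

fn main() {
    let m = 0xFFFF_FFFF_0000_0001u64; // constructed sample: a 64-bit prime
    for a in [3u64, 12345, 0xDEAD_BEEF] {
        let (ct, ct_steps) = invert_ct(a, m);
        let (vt, vt_steps) = invert_vartime(a, m);
        assert_eq!(ct, vt);
        println!("a = {a:#x}: inverse {vt:?}, {ct_steps} fixed divsteps vs {vt_steps} data-dependent");
    }
}
```

The returned step count is the quantity that leaks in the variable-time version: it is a function of `a`, which is why the PR keeps this as a separate `_vartime` API rather than replacing the fixed-count inversion.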

tarcieri commented Jan 9, 2025

Member Author

This is unfortunately quite a bit of boilerplate. I'm not sure if there's any refactoring we could do to potentially reduce it. Abstracting against the boxed and const fn-capable unboxed versions is quite difficult.

tarcieri commented Jan 9, 2025

Member Author

Note: wanted to add some equivalence tests between the two versions prior to merging

Edit: added, removing WIP/draft

@tarcieri tarcieri changed the title [WIP] Variable-time modular inversion support Variable-time modular inversion support Jan 9, 2025
@tarcieri tarcieri marked this pull request as ready for review January 9, 2025 19:13
tarcieri commented Jan 9, 2025

Member Author

It seems like for each of ConstMontyForm, MontyForm, and BoxedMontyForm it might be possible to DRY out gcd/gcd_vartime/inv(ert)/inv(ert)_vartime with some conversion helpers that all four could call (though they would be slightly different for each form).

Edit: made a little progress locally trying to DRY things out this way, but I think I'd rather save that work for a followup commit to make this one easier to review.

@tarcieri tarcieri merged commit 682f17a into master Jan 10, 2025
@tarcieri tarcieri deleted the invert_vartime branch January 10, 2025 15:02
@tarcieri tarcieri mentioned this pull request Jan 22, 2025
Development

Successfully merging this pull request may close these issues.

Add an invert_vartime method to ConstMontyForm
