mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-24 13:32:59 +03:00
	Expand comment about adaptations from the paper
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
		| @@ -1060,8 +1060,17 @@ void mbedtls_mpi_core_div2_mod_odd(mbedtls_mpi_uint *X, | |||||||
|  * - Alg 7 is readable but not constant-time, Alg 8 is constant-time but not |  * - Alg 7 is readable but not constant-time, Alg 8 is constant-time but not | ||||||
|  *   readable (and uses signed arithmetic). We mostly follow Alg 7 and make it |  *   readable (and uses signed arithmetic). We mostly follow Alg 7 and make it | ||||||
|  *   constant-time by using our usual primitives (conditional assign, |  *   constant-time by using our usual primitives (conditional assign, | ||||||
|  *   conditional swap) rather than re-inventing them. We only take a few |  *   conditional swap) rather than re-creating them. See the comments in the | ||||||
|  *   notations from Alg 8 for temporaries. |  *   body of the paper (around tables 2) about how to make Alg 7 constant-time. | ||||||
|  |  * - Both Alg 7 and Alg 8 have temporaries called t1, t2 which have different | ||||||
|  |  *   meanings; we use the meaning from Alg 8 (see declarations below). | ||||||
|  |  * - Compared to both, we re-order operations, grouping those related to | ||||||
|  |  *   the inverse together. This saves temporaries (we can re-use d, t1, t2 from | ||||||
|  |  *   the GCD part as they are no longer used) and improves readability | ||||||
|  |  *   considering we make computation of the inverse optional. | ||||||
|  |  * - Compared to Alg 7, we use an explicit conditional swap at the end, which is | ||||||
|  |  *   closer to the use of the sort array in Alg 8 (or the max.min function in | ||||||
|  |  *   Alg 6 and earlier). | ||||||
|  * - Compared to both, we skip the trick with pre_comm: I think this trick |  * - Compared to both, we skip the trick with pre_comm: I think this trick | ||||||
|  *   complicates things for no benefit (see comment on the big I != NULL block |  *   complicates things for no benefit (see comment on the big I != NULL block | ||||||
|  *   below for details). |  *   below for details). | ||||||
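Review bot: the added comment text in this hunk reads "(around tables 2)", which looks like a typo; suggest "around Table 2" so the pointer into the paper is unambiguous. While touching that bullet, consider naming the paper once (title or reference tag) next to the first mention of "Alg 7" and "Alg 8": the visible hunk cites algorithm and table numbers but never says which paper they belong to, so a reader opening mbedtls_mpi_core_div2_mod_odd's header comment in isolation cannot check the cross-references. Also worth double-checking "max.min function" against the paper's own naming (max/min or similar) since it is quoted as an identifier.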