Skip to content

k256+p256+p384: impl Invert trait for Scalar types #741

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tarcieri merged 1 commit into from
Feb 3, 2023
Merged

k256+p256+p384: impl Invert trait for Scalar types #741

tarcieri merged 1 commit into from
Feb 3, 2023

Conversation

@tarcieri
Copy link
Member

@tarcieri tarcieri commented Feb 3, 2023

The Invert trait now provides an invert_vartime method which can use a faster implementation than the constant time version.

Leveraging this requires an explicit impl of the trait however, whereas before it was provided by a blanket impl for types which impl ff::Field.

@tarcieri tarcieri force-pushed the k256+p256+p384/impl-invert-trait-for-scalars branch 2 times, most recently from bcda944 to e698211 Compare February 3, 2023 16:30
tarcieri
tarcieri commented Feb 3, 2023
View reviewed changes
p256/src/arithmetic/scalar.rs
/// variable-time operation can potentially leak secrets through
/// sidechannels.
#[allow(non_snake_case)]
fn invert_vartime(&self) -> CtOption<Self> {
Copy link
Member Author

@tarcieri tarcieri Feb 3, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@fjarri FYI, there's now a dedicated method for variable-time inversions which is used by the generic ECDSA implementation.

This can probably be adapted to work with k256? I had previously tried to make it fully generic, but due to the use of Self(MODULUS) below it's relying on support in the underlying field implementation.

I tried porting it to k256 and it seemed to work, although ECDSA verification performance was only up by ~3%.

@tarcieri
k256+p256+p384: impl Invert trait for Scalar types
5a9ebd8 
The `Invert` trait now provides an `invert_vartime` method which can use
a faster implementation than the constant time version.

Leveraging this requires an explicit impl of the trait however, whereas
before it was provided by a blanket impl for types which impl
`ff::Field`.

This includes an implementation of Stein's algorithm for `p256::Scalar`
originally provided by @nickray.
@tarcieri tarcieri force-pushed the k256+p256+p384/impl-invert-trait-for-scalars branch from e698211 to 5a9ebd8 Compare February 3, 2023 16:47
@tarcieri tarcieri merged commit 460d676 into master Feb 3, 2023
@tarcieri tarcieri deleted the k256+p256+p384/impl-invert-trait-for-scalars branch February 3, 2023 17:03
This was referenced Mar 3, 2023
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tarcieri