Currently the torsion check (`is_torsion_free`) is implemented using a variable-base, constant-time multiplication. However, the group order is public, so there is no need for side-channel countermeasures regarding the scalar. This would save the overhead from `LookupTable::select`, both the constant-time lookup as well as the cost of doing the point negation in the case it's not needed. You could also precompute the NAF encoding of the group order, though I'm not sure if that's worthwhile.
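The idea in the issue above, as an added example that is not part of the original issue and is not curve25519-dalek code: a torsion check that multiplies by the public group order using a precomputed NAF and an ordinary branching double-and-add. It is written in Python rather than Rust so the field arithmetic fits in a few lines; the function names (`naf`, `mul_public`, `base_point`) and the test point `T4` are assumptions made for the illustration.

```python
# Added example, not curve25519-dalek code; function names are hypothetical.
P = 2**255 - 19                                       # field prime
D = -121665 * pow(121666, P - 2, P) % P               # Edwards curve constant d
L = 2**252 + 27742317777372353535851937790883648493   # public prime group order
SQRT_M1 = pow(2, (P - 1) // 4, P)
IDENTITY = (0, 1, 1, 0)                               # extended coordinates (X, Y, Z, T)

def add(p1, p2):
    # Unified twisted Edwards addition (a = -1); complete, so it also doubles.
    a = (p1[1] - p1[0]) * (p2[1] - p2[0]) % P
    b = (p1[1] + p1[0]) * (p2[1] + p2[0]) % P
    c = 2 * p1[3] * p2[3] * D % P
    d = 2 * p1[2] * p2[2] % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)

def naf(k):
    # Non-adjacent form, least significant digit first, digits in {-1, 0, 1}.
    digits = []
    while k:
        digits.append(2 - (k % 4) if k & 1 else 0)
        k = (k - digits[-1]) >> 1
    return digits

L_NAF = naf(L)   # computed once; branching on it leaks nothing, L is public

def mul_public(digits, pt):
    # Variable-time double-and-add: no table select, negation done once up front.
    minus = (-pt[0] % P, pt[1], pt[2], -pt[3] % P)
    acc = IDENTITY
    for digit in reversed(digits):
        acc = add(acc, acc)
        if digit:
            acc = add(acc, pt if digit == 1 else minus)
    return acc

def is_torsion_free(pt):
    x, y, z, _ = mul_public(L_NAF, pt)
    return x % P == 0 and (y - z) % P == 0   # [L]pt is the identity (0, 1)

def base_point():
    y = 4 * pow(5, P - 2, P) % P
    x2 = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(x2, (P + 3) // 8, P)
    x = x if x * x % P == x2 else x * SQRT_M1 % P
    x = P - x if x & 1 else x
    return (x, y, 1, x * y % P)

B, T4 = base_point(), (SQRT_M1, 0, 1, 0)   # generator and a point of order 4
```

Branching on the digits is only acceptable here because the scalar is the fixed, public order; a secret scalar still needs the constant-time path.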