Botan::BlindedScalarBits< C, WindowBits > Class Template Reference

#include <pcurves_impl.h>

Public Member Functions
	BlindedScalarBits (const typename C::Scalar &scalar, RandomNumberGenerator &rng)
size_t	get_window (size_t offset) const
	~BlindedScalarBits ()

Static Public Attributes
static constexpr size_t	Bits = C::Scalar::BITS + (BlindingEnabled ? BlindingBits : 0)
static constexpr size_t	Bytes = (Bits + 7) / 8

Detailed Description

template<typename C, size_t WindowBits>
class Botan::BlindedScalarBits< C, WindowBits >

Blinded Scalar

This randomizes the scalar representation by computing s + n*k where n is the group order and k is a random value

Definition at line 951 of file pcurves_impl.h.

Constructor & Destructor Documentation

BlindedScalarBits()

template<typename C , size_t WindowBits>

Botan::BlindedScalarBits< C, WindowBits >::BlindedScalarBits ( const typename C::Scalar & scalar, RandomNumberGenerator & rng )

inline

Definition at line 968 of file pcurves_impl.h.

                                                                                    {
         if constexpr(BlindingEnabled) {
            constexpr size_t mask_words = BlindingBits / WordInfo<W>::bits;
            constexpr size_t mask_bytes = mask_words * WordInfo<W>::bytes;
 
            constexpr size_t n_words = C::NW.size();
 
            uint8_t maskb[mask_bytes] = {0};
            rng.randomize(maskb, mask_bytes);
 
            W mask[n_words] = {0};
            load_le(mask, maskb, mask_words);
            mask[mask_words - 1] |= WordInfo<W>::top_bit;
 
            W mask_n[2 * n_words] = {0};
 
            const auto sw = scalar.to_words();
 
            // Compute masked scalar s + k*n
            comba_mul<n_words>(mask_n, mask, C::NW.data());
            bigint_add2_nc(mask_n, 2 * n_words, sw.data(), sw.size());
 
            std::reverse(mask_n, mask_n + 2 * n_words);
            m_bytes = store_be<std::vector<uint8_t>>(mask_n);
         } else {
            static_assert(Bytes == C::Scalar::BYTES);
            m_bytes.resize(Bytes);
            scalar.serialize_to(std::span{m_bytes}.template first<Bytes>());
         }
 
         CT::poison(m_bytes.data(), m_bytes.size());
      }

References Botan::bigint_add2_nc(), Botan::BlindedScalarBits< C, WindowBits >::Bytes, Botan::comba_mul(), Botan::load_le(), Botan::CT::poison(), Botan::RandomNumberGenerator::randomize(), and Botan::store_be().

~BlindedScalarBits()

template<typename C , size_t WindowBits>

Botan::BlindedScalarBits< C, WindowBits >::~BlindedScalarBits ( )

inline

Definition at line 1006 of file pcurves_impl.h.

                           {
         secure_scrub_memory(m_bytes.data(), m_bytes.size());
         CT::unpoison(m_bytes.data(), m_bytes.size());
      }

References Botan::secure_scrub_memory(), and Botan::CT::unpoison().

Member Function Documentation

get_window()

template<typename C , size_t WindowBits>

size_t Botan::BlindedScalarBits< C, WindowBits >::get_window ( size_t offset ) const

inline

Definition at line 1001 of file pcurves_impl.h.

                                             {
         // Extract a WindowBits sized window out of s, depending on offset.
         return read_window_bits<WindowBits>(std::span{m_bytes}, offset);
      }

Referenced by Botan::PrecomputedBaseMulTable< C, W >::mul(), and Botan::WindowedMulTable< C, W >::mul().

Member Data Documentation

Bits

template<typename C , size_t WindowBits>

size_t Botan::BlindedScalarBits< C, WindowBits >::Bits = C::Scalar::BITS + (BlindingEnabled ? BlindingBits : 0)

staticconstexpr

Definition at line 965 of file pcurves_impl.h.

Bytes

template<typename C , size_t WindowBits>

size_t Botan::BlindedScalarBits< C, WindowBits >::Bytes = (Bits + 7) / 8

staticconstexpr

Definition at line 966 of file pcurves_impl.h.

Referenced by Botan::BlindedScalarBits< C, WindowBits >::BlindedScalarBits().

---

The documentation for this class was generated from the following file:

• src/lib/math/pcurves/pcurves_impl.h