Botan::Blinder Class Reference

#include <blinding.h>

Public Member Functions
BigInt	blind (const BigInt &x) const
	Blinder (const Barrett_Reduction &reducer, RandomNumberGenerator &rng, std::function< BigInt(const BigInt &)> fwd_func, std::function< BigInt(const BigInt &)> inv_func)
	Blinder (const Blinder &)=delete
Blinder &	operator= (const Blinder &)=delete
RandomNumberGenerator &	rng () const
BigInt	unblind (const BigInt &x) const

Static Public Attributes
static constexpr size_t	ReinitInterval = 64

Detailed Description

Blinding Function Object.

Definition at line 22 of file blinding.h.

Constructor & Destructor Documentation

Blinder() [1/2]

Botan::Blinder::Blinder	(	const Barrett_Reduction &	reducer,
		RandomNumberGenerator &	rng,
		std::function< BigInt(const BigInt &)>	fwd_func,
		std::function< BigInt(const BigInt &)>	inv_func )

Parameters

reducer	precomputed Barrett reduction for the modulus
rng	the RNG to use for generating the nonce
fwd_func	a function that calculates the modular exponentiation of the public exponent and the given value (the nonce)
inv_func	a function that calculates the modular inverse of the given value (the nonce)

Note

Lifetime: The rng and reducer arguments are captured by reference and must live as long as the Blinder does

Definition at line 12 of file blinding.cpp.

                                                         :
      m_reducer(reducer),
      m_rng(rng),
      m_fwd_fn(std::move(fwd)),
      m_inv_fn(std::move(inv)),
      m_modulus_bits(reducer.modulus_bits()),
      m_e{},
      m_d{},
      m_counter{} {
   const BigInt k = blinding_nonce();
   m_e = m_fwd_fn(k);
   m_d = m_inv_fn(k);
}

References rng().

Referenced by Blinder(), and operator=().

Blinder() [2/2]

Botan::Blinder::Blinder ( const Blinder & )

delete

References Blinder().

Member Function Documentation

blind()

BigInt Botan::Blinder::blind

(

const BigInt &

x

)

const

Blind a value.

The blinding nonce k is freshly generated after ReinitInterval calls to blind().

ReinitInterval = 0 means a fresh nonce is only generated once. On every other call, the next nonce is derived via modular squaring.

Parameters

x	value to blind

Returns

blinded value

Definition at line 33 of file blinding.cpp.

                                           {
   ++m_counter;
 
   if((ReinitInterval > 0) && (m_counter > ReinitInterval)) {
      const BigInt k = blinding_nonce();
      m_e = m_fwd_fn(k);
      m_d = m_inv_fn(k);
      m_counter = 0;
   } else {
      m_e = m_reducer.square(m_e);
      m_d = m_reducer.square(m_d);
   }
 
   return m_reducer.multiply(i, m_e);
}

References ReinitInterval.

operator=()

Blinder & Botan::Blinder::operator= ( const Blinder & )

delete

References Blinder().

rng()

RandomNumberGenerator & Botan::Blinder::rng ( ) const

inline

Definition at line 80 of file blinding.h.

{ return m_rng; }

Referenced by Blinder().

unblind()

BigInt Botan::Blinder::unblind

(

const BigInt &

x

)

const

Unblind a value.

Parameters

x	value to unblind

Returns

unblinded value

Definition at line 49 of file blinding.cpp.

                                             {
   return m_reducer.multiply(i, m_d);
}

Member Data Documentation

ReinitInterval

size_t Botan::Blinder::ReinitInterval = 64

staticconstexpr

Normally blinding is performed by choosing a random starting point (plus its inverse, of a form appropriate to the algorithm being blinded), and then choosing new blinding operands by successive squaring of both values. This is much faster than computing a new starting point but introduces some possible corelation

To avoid possible leakage problems in long-running processes, the blinder periodically reinitializes the sequence. This value specifies how often a new sequence should be started.

If set to zero, reinitialization is disabled

Definition at line 37 of file blinding.h.

Referenced by blind().

---

The documentation for this class was generated from the following files:

• src/lib/pubkey/blinding/blinding.h
• src/lib/pubkey/blinding/blinding.cpp