Botan 3.9.0
Crypto and TLS for C&
Public Types | Public Member Functions | Static Public Attributes | List of all members
Botan::VartimeMul2Table< C, W > Class Template Referencefinal

#include <pcurves_impl.h>

Public Types

using AffinePoint = typename C::AffinePoint
using ProjectivePoint = typename C::ProjectivePoint
using Scalar = typename C::Scalar

Public Member Functions

ProjectivePoint mul2_vartime (const Scalar &s1, const Scalar &s2) const
 VartimeMul2Table (const AffinePoint &p, const AffinePoint &q)

Static Public Attributes

static constexpr size_t WindowBits = W

Detailed Description

template<typename C, size_t W>
class Botan::VartimeMul2Table< C, W >

Definition at line 1573 of file pcurves_impl.h.

Member Typedef Documentation

◆ AffinePoint

template<typename C, size_t W>
using Botan::VartimeMul2Table< C, W >::AffinePoint = typename C::AffinePoint

Definition at line 1581 of file pcurves_impl.h.

◆ ProjectivePoint

template<typename C, size_t W>
using Botan::VartimeMul2Table< C, W >::ProjectivePoint = typename C::ProjectivePoint

Definition at line 1582 of file pcurves_impl.h.

◆ Scalar

template<typename C, size_t W>
using Botan::VartimeMul2Table< C, W >::Scalar = typename C::Scalar

Definition at line 1580 of file pcurves_impl.h.

Constructor & Destructor Documentation

◆ VartimeMul2Table()

template<typename C, size_t W>
Botan::VartimeMul2Table< C, W >::VartimeMul2Table ( const AffinePoint & p,
const AffinePoint & q )
inline

Definition at line 1584 of file pcurves_impl.h.

1584 :
1585 m_table(to_affine_batch<C>(mul2_setup<C, W>(p, q))) {}

References Botan::mul2_setup(), and Botan::to_affine_batch().

Member Function Documentation

◆ mul2_vartime()

template<typename C, size_t W>
ProjectivePoint Botan::VartimeMul2Table< C, W >::mul2_vartime ( const Scalar & s1,
const Scalar & s2 ) const
inline

Variable time 2-ary multiplication

A common use of 2-ary multiplication is when verifying the commitments of an elliptic curve signature. Since in this case the inputs are all public, there is no problem with variable time computation.

TODO in the future we could use joint sparse form here.

Definition at line 1596 of file pcurves_impl.h.

1596 {
1597 constexpr size_t Windows = (Scalar::BITS + WindowBits - 1) / WindowBits;
1598
1599 const UnblindedScalarBits<C, W> bits1(s1);
1600 const UnblindedScalarBits<C, W> bits2(s2);
1601
1602 bool s1_is_zero = s1.is_zero().as_bool();
1603 bool s2_is_zero = s2.is_zero().as_bool();
1604
1605 // Conditional ok: this function is variable time
1606 if(s1_is_zero && s2_is_zero) {
1607 return ProjectivePoint::identity();
1608 }
1609
1610 auto [w_0, first_nonempty_window] = [&]() {
1611 for(size_t i = 0; i != Windows; ++i) {
1612 const size_t w_1 = bits1.get_window((Windows - i - 1) * WindowBits);
1613 const size_t w_2 = bits2.get_window((Windows - i - 1) * WindowBits);
1614 const size_t window = w_1 + (w_2 << WindowBits);
1615 // Conditional ok: this function is variable time
1616 if(window > 0) {
1617 return std::make_pair(window, i);
1618 }
1619 }
1620 // We checked for s1 == s2 == 0 above, so we must see a window eventually
1621 BOTAN_ASSERT_UNREACHABLE();
1622 }();
1623
1624 BOTAN_ASSERT_NOMSG(w_0 > 0);
1625 auto accum = ProjectivePoint::from_affine(m_table[w_0 - 1]);
1626
1627 for(size_t i = first_nonempty_window + 1; i < Windows; ++i) {
1628 accum = accum.dbl_n(WindowBits);
1629
1630 const size_t w_1 = bits1.get_window((Windows - i - 1) * WindowBits);
1631 const size_t w_2 = bits2.get_window((Windows - i - 1) * WindowBits);
1632
1633 const size_t window = w_1 + (w_2 << WindowBits);
1634
1635 // Conditional ok: this function is variable time
1636 if(window > 0) {
1637 accum += m_table[window - 1];
1638 }
1639 }
1640
1641 return accum;
1642 }
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
BOTAN_ASSERT_UNREACHABLE
#define BOTAN_ASSERT_UNREACHABLE()
Definition assert.h:163
Botan::VartimeMul2Table::WindowBits
static constexpr size_t WindowBits
Definition pcurves_impl.h:1578

References BOTAN_ASSERT_NOMSG, BOTAN_ASSERT_UNREACHABLE, Botan::UnblindedScalarBits< C, WindowBits >::get_window(), and WindowBits.

Member Data Documentation

◆ WindowBits

template<typename C, size_t W>
size_t Botan::VartimeMul2Table< C, W >::WindowBits = W
staticconstexpr

Definition at line 1578 of file pcurves_impl.h.

Referenced by mul2_vartime().

The documentation for this class was generated from the following file:
Generated by doxygen 1.14.0