-
I'm facing a similar problem with #209 and in my case I got the problem on Safari 10.0.3.
I tried to calculate the execution time using the following code on Safari and Chrome:
```
const start = new …
```
-
In `tommath.h` we have:
```
...
#if !(defined(MP_32BIT) || defined(MP_16BIT) || defined(MP_8BIT))
...
```
and a couple of lines after that:
```
...
#ifdef MP_31BIT
...
```
IMO both `MP_31BIT` and `M…
-
version: 1.18.0
In IE edge the authenticateUser method nearly crashes the browser. It is very slow. Once authenticated the browser still hangs and click events seem to be disabled. Sometimes is re…
-
An overflow bug in the AVX2 Montgomery multiplication procedure exists in the detected version of OpenSSL. This bug does not affect EC (elliptic curve) based algorithms. According to the vendor, att…
-
The Back-Maxwell rangeproof construction we use in `dalek-rangeproofs` requires scalar inversion. Right now we just have an easy and naive implementation with no optimization, but which is nearly as e…
-
I understand that nocrypto uses the zarith library, which in turn uses GMP. Relevant for RSA, GMP provides mpz_powm and mpz_powm_sec. zarith (which IMHO is not security-focused) seems to use mpz_powm while…
-
The serialisation format for BN-254 points, taken from IEEE Std 1363-2000/2004, has some deficiencies:
* It requires a modular inversion to decode a G2 element.
* It unnecessarily uses a different…
daira updated
6 years ago
-
It would be great to have this library (or possibly a `x25519-dalek` similar to `ed25519-dalek`, to keep this one low-level focused) provide the higher-level DH functions `curve25519()` and `curve2551…
-
How far away are we from having something like `ArithmeticSynthesisTest` that uses montgomery multiplication (leaving in admits)? If we can get that, then I can start looking into adding loops to the…