-
If I understand correctly, poly_csubq is not required for compressions. The reason is that, in the current avx2 implementations, the floor variant of Barrett reduction is used instead of the rounding …
-
### Aim
Using the following function
```noir
pub fn from_byte_be_to_fields(x: [u8; NBytes]) -> [Field; N] {
let mut result = [0 as Field; N];
let mut limb: Field = 0;
let mut k = 0;
…
```
-
We have a number of different options for how we want to reduce functional programs:
@gabriel-barrett's candidate is https://github.com/gabriel-barrett/rust-evaluator/blob/functional_implementation…
-
The RSA implementation in os/rsa.c uses the Chinese Remainder Theorem without blinding to efficiently decrypt. This introduces a timing attack, slightly different from the published one, where the var…
-
For background, I started looking at this when a profile of a Perl 6 program that calculated Ackermann numbers showed that 90% of the time was spent stringifying a big Integer to print the result. I w…
-
Two ways are possible:
1. Store some of the values in Montgomery representation. Good candidates are the keys and perhaps bootstrap values? We can prevent mistakes by creating a `RNSPolynomialTrans…
-
This issue affects everybody except Nick so I added all developers to the Assignees (except Nick)
Latest estimation from Tore on the gas consumption of elliptic math:
> version without Pedersen …
-
Consider options `--interesting-exit-code` and `--interesting-stderr`.
Right now the reduction is considered to be interesting when either condition matches:
https://github.com/langston-barrett/…
-
Montgomery reduction requires an odd modulus, and that's the only one that's implemented at present. Even moduli could be handled by having special code for moduli that are powers of 2 (in which case …
-
Hi Emil,
first of all thanks a lot for releasing these nice UMAAL-based implementations of the base field of P256 under a permissive license! I'm building a Rust implementation of P256 ECDH/ECDSA a…