Co-dfns / mystika

High-end Cryptographic Library
GNU Affero General Public License v3.0

Chinese Remainder Theorem #34

Open arcfide opened 7 years ago

arcfide commented 7 years ago

This seems to be useful for steps in RSA.

Tikhon03 commented 7 years ago

Ok. I object! Yes, it is useful-ish for RSA, but I currently do not know how to apply it to RSA in such a way that key generation would be in uniform time. I'm not going to say it is impossible. I did eventually come up with a way that I think the binary GCD can be implemented in uniform time, but that was not easy to come up with. I will think about it. If I can figure out how to do the implementation in uniform time, we will include it, but until then I think the Chinese remainder theorem is low on the priority list. RSA can be implemented in uniform time without it, and I don't feel that any speed increase is worth sacrificing a uniform time implementation. We do not want our code to be vulnerable to timing attacks!
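The two points raised in this thread, side by side, as an added example (illustration code written for this page, not code from mystika or from either commenter): RSA decryption with the CRT speed-up (Garner's recombination of the two half-size exponentiations), and a binary GCD whose loop shape is fixed by a public bit size rather than by the secret operands, which is the kind of "uniform time" structure the key-generation coprimality check needs. The key material is the textbook toy key (p=61, q=53, e=17, d=2753) and is constructed for illustration; Python's big integers are not constant-time, so only the control-flow shape of the GCD (fixed iteration count, arithmetic selects instead of branches) is what it demonstrates.

```python
"""RSA-CRT decryption and a binary GCD with an input-independent loop shape.

Added example for this thread; not code from the mystika project.
The primes are tiny, constructed values. Python integers are not
constant-time, so the GCD demonstrates only the control-flow shape:
a fixed number of iterations and no data-dependent branches.
"""

from math import gcd  # used only for self-checks, not by the routines


def rsa_crt_params(p, q, d):
    """Precompute the CRT exponents and q^-1 mod p (the PKCS#1 quantities)."""
    dp = d % (p - 1)
    dq = d % (q - 1)
    qinv = pow(q, -1, p)  # Python 3.8+ built-in; NOT a constant-time inverse
    return dp, dq, qinv


def crt_decrypt(c, p, q, dp, dq, qinv):
    """RSA decryption using the CRT (Garner's recombination).

    Two exponentiations with half-size moduli and half-size exponents
    replace the single exponentiation c^d mod n, n = p*q.
    """
    m1 = pow(c, dp, p)
    m2 = pow(c, dq, q)
    h = (qinv * (m1 - m2)) % p
    return m2 + h * q


def fixed_iteration_gcd(x, y, bits):
    """Binary (Stein) GCD whose loop shape does not depend on the operands.

    Requires 0 < x, y < 2**bits. 'bits' must be a public size (e.g. the
    modulus length), never derived from the secret values. Every iteration
    performs the same operations; conditionals are arithmetic selects on
    0/1 flags rather than branches. 2*bits iterations always suffice: each
    iteration halves at least one operand until x reaches 0, and the sum of
    the operand bit lengths starts at most 2*bits.
    """
    assert 0 < x < (1 << bits) and 0 < y < (1 << bits)
    shift = 0  # factors of two common to x and y
    for _ in range(2 * bits):
        # If both are odd, subtract the smaller from the larger.
        both_odd = x & y & 1
        x_lt_y = int(x < y)              # stand-in for a constant-time compare
        sub_y = both_odd & x_lt_y        # flag: y -= x
        sub_x = both_odd & (1 - x_lt_y)  # flag: x -= y
        x, y = x - y * sub_x, y - x * sub_y
        # Now at least one operand is even; halve every even operand.
        x_even = 1 - (x & 1)
        y_even = 1 - (y & 1)
        x = x_even * (x >> 1) + (1 - x_even) * x
        y = y_even * (y >> 1) + (1 - y_even) * y
        shift += x_even & y_even         # both even: a common factor of two
    # At exit x == 0 and y holds the odd part of the gcd.
    return y << shift


def rsa_keygen_check(e, p, q, bits):
    """The key-generation step where the GCD appears: e must be coprime to phi(n)."""
    phi = (p - 1) * (q - 1)
    return fixed_iteration_gcd(e, phi, bits) == 1


if __name__ == "__main__":
    # Constructed toy key; 'bits' is the public size bound on phi(n).
    p, q, e, d, bits = 61, 53, 17, 2753, 12
    n = p * q
    c = pow(65, e, n)
    dp, dq, qinv = rsa_crt_params(p, q, d)
    print("coprime:", rsa_keygen_check(e, p, q, bits))
    print("plain:", pow(c, d, n), "crt:", crt_decrypt(c, p, q, dp, dq, qinv))
    print("gcd self-check:", all(
        fixed_iteration_gcd(a, b, 6) == gcd(a, b)
        for a in range(1, 64) for b in range(1, 64)))
```

The iteration count of `fixed_iteration_gcd` is a function of `bits` alone, so the number of loop trips reveals nothing about `e` or `phi(n)`; what a real implementation still has to supply is constant-time compare, select, subtract and shift primitives in place of the Python operators used here.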