Unfortunately, Java does not support mixing booleans and bytes as operands of bitwise operators. Therefore, the add overload used in mult_rsa_trick was modified to return the byte with the carry bit itself.
Of course, this is at the expense of readability due to the unavoidable casts of intermediate values to shorts or bytes. On the other hand, the timing difference between the executions with or without the usage of the carry bit if branch was measurable.
The change was tested on JCOP3 J3H145 using the enclosed test suite.
Unfortunately, Java does not support mixing booleans and bytes as operands of bitwise operators. Therefore, the add overload used in
mult_rsa_trick
was modified to return the byte with the carry bit itself.Of course, this is at the expense of readability due to the unavoidable casts of intermediate values to shorts or bytes. On the other hand, the timing difference between the executions with or without the usage of the carry bit if branch was measurable.
The change was tested on JCOP3 J3H145 using the enclosed test suite.
Detected-by: JCProfilerNext
Measurements without this patch:
Measurements with this patch:
/cc @petrs
EDIT: use a similar binsize in both histograms for consistency