RustCrypto / crypto-bigint

Cryptography-oriented big integer library with constant-time, stack-allocated (no_std-friendly) implementations of modern formulas
Apache License 2.0

Uint: constant-time Bernstein-Yang `is_negative` #628

Closed tarcieri closed 3 months ago

tarcieri commented 3 months ago

Changes `Int64L::is_negative` to return `ConstChoice` rather than `bool`, also adding an `Int64L::select` method for selecting between two values predicated on a `ConstChoice`.

This eliminates some of the branching in the implementation (#627).

cc @erik-3milabs
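A sketch of the pattern the pull request description refers to, as an added example that is not crypto-bigint's code: a sign test that returns a mask instead of a `bool`, and a `select` that consumes it. `Choice` and `Int` are hypothetical stand-ins for `ConstChoice` and `Int64L`, and the two's complement, little-endian limb layout is an assumption.

```rust
// Added illustration: `Choice` and `Int` are hypothetical, not crypto-bigint's types.
/// A boolean held as an all-zeros or all-ones word so it can be used as a mask.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct Choice(u64);
impl Choice {
    pub const FALSE: Self = Self(0);
    pub const TRUE: Self = Self(u64::MAX);
    /// 0 -> 0x00..00, 1 -> 0xff..ff, computed without a branch.
    pub fn from_lsb(bit: u64) -> Self {
        Self((bit & 1).wrapping_neg())
    }
}

/// Assumed layout: two's complement, `L` little-endian 64-bit limbs.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct Int<const L: usize>(pub [u64; L]);
impl<const L: usize> Int<L> {
    /// Sign bit of the top limb, returned as a mask rather than a `bool`.
    pub fn is_negative(&self) -> Choice {
        Choice::from_lsb(self.0[L - 1] >> 63)
    }
    /// Returns `a` if `c` is false, `b` if `c` is true; same work either way.
    pub fn select(a: &Self, b: &Self, c: Choice) -> Self {
        let mut out = [0u64; L];
        for i in 0..L {
            out[i] = a.0[i] ^ (c.0 & (a.0[i] ^ b.0[i]));
        }
        Self(out)
    }
    /// Two's complement negation: invert each limb, add one, carry upward.
    pub fn wrapping_neg(&self) -> Self {
        let mut out = [0u64; L];
        let mut carry = true;
        for i in 0..L {
            let (sum, c) = (!self.0[i]).overflowing_add(carry as u64);
            out[i] = sum;
            carry = c;
        }
        Self(out)
    }
    /// Absolute value: both candidates are computed, then one is selected.
    pub fn abs(&self) -> Self {
        Self::select(self, &self.wrapping_neg(), self.is_negative())
    }
}
fn main() {
    let minus_five = Int::<2>([(-5i64) as u64, u64::MAX]); // constructed sample
    println!("{:?}", minus_five.abs());
}
```

The compiler remains free to turn mask arithmetic back into branches; this sketch omits the optimisation barriers that production constant-time code adds to guard against that.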

tarcieri commented 3 months ago

Hmm, this appears to potentially be broken on 32-bit platforms. Will try to reproduce locally.

Edit: well, it's definitely regressed, but it looks like it's some sort of computational problem, either heavily regressed performance or an infinite loop.

Edit again: fixed in ceb737a