Closed qmuntal closed 2 years ago
What is the advantage of removing big.Int from the crypto layer?
The Go security team is trying to reduce the usage of big.Int from crypto code, as it is slow, not constant time and not designed for being used in the cryptography foundations.
This is the commit where big.Int was removed from boring: https://go-review.googlesource.com/c/go/+/395877/12
And these are other issues related to removing big.Int from other packages or fixing it:
In our case, it will make security reviews a little bit easier, as by removing big.Int from our code there won't be any doubt we are really delegating big integer operations to OpenSSL.
This PR is an almost direct port of https://go-review.googlesource.com/c/go/+/395875/10. In our case there is no visible performance win, which was the motivation of the original CL, but it paves the path to removing big.Int from go-crypto-openssl, which is necessary for go1.19.