Replace default adapter?

[kornrunner]

Since this is meant to be a drop in replacement - I thought of submitting a PR that would change default adapter within MathAdapterFactory from GmpMath to ConstantTimeMath as it would make the change more seamless downstream. However, once that change is made - tests seem to hang indefinitely.

Just wanted to let you know. Thanks!

[paragonie-security]

That's expected, and why we aren't just dropping it in as a replacement for GMPMath.

There are a lot of uses of GMP in this library. Every loop of the Montgomery ladder would pass through several places where modular arithmetic is used. Most of these usages are computations over public inputs (i.e., a timing attack reveals nothing), so all you get is a performance hit without any clear benefit.

The trade-off for being constant-time is that you're slower than a generic implementation. So we reserve it for code that touches secrets.