pornin / CTTK

Constant-Time Toolkit
MIT License

Is this ready for use in my prototype crypto code? #3

Open waywardgeek opened 6 years ago

waywardgeek commented 6 years ago

Hi, Thomas. I would like to use this code in a prototype crypto-related project that won't go live in 2018 (though the prototype should be functional in 2018). The earliest that products using this code could possibly launch might be late 2019. In your opinion, is it OK for me to be an early adopter of CTTK? You've seen enough of my code to know that while I understand what I'm doing, I do make mistakes. My alternative is to roll my own to a certain extent, as no other bignum library I've seen was designed from the ground up for constant-time operation.

pornin commented 6 years ago

From my point of view, the code that is in CTTK is about as ready as it can be. It has comments and tests; there is nothing much to add at that point, except external uses. The library itself is said to be in "beta" state because it is quite incomplete (i.e. there are other features that I plan to add). However, what is implemented right now should be "fine" (i.e. I am reasonably happy with the API as it is now, so unless library users find problems with it, the API should not change).

waywardgeek commented 6 years ago

Awesome. I'll feed pull requests as I run into issues. Thanks for writing it!

waywardgeek commented 6 years ago

Hi, Thomas. We need to support constant-time operations on integers modulo odd numbers. In particular, don't we want Montgomery multiplication? Several other modular arithmetic constant-time operations are likely needed as well.

I'd be happy to write them, if you have time to suggest algorithms, and review my code.

pornin commented 6 years ago

Right now there is no support for modular integers in CTTK. I do have code for that; it is in BearSSL: https://www.bearssl.org/ (specifically in the src/int/ directory). Importing that code into CTTK is doable but it will require a bit of thinking to design a proper API (the BearSSL code is internal, thus it can tolerate an unforgiving API with merely documented assumptions on correctness of operands). I'll do that as time allows (I am just back from holiday and I expect a couple of weeks of getting things in order first).

waywardgeek commented 6 years ago

Awesome. In the meantime, we'll just emulate modulo operations using double-width integers and the existing constant-time mod operation. We'll drop in your upgrade when available.
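The thread asks for constant-time Montgomery multiplication and, as a stopgap, for modular products built from a double-width integer plus a reduction. The block below is an added illustration of the first of these, written by the editor; it is not code from CTTK, from BearSSL's src/int/ directory, or from either participant. It works on a single 32-bit limb so the whole Montgomery reduction (REDC) is visible at once, and it assumes an odd public modulus n below 2^31 so every intermediate fits in a uint64_t. The names mont_ctx, mont_redc, ct_mulmod and the rest are hypothetical, not the API of either library.

```c
/* Added example (not part of CTTK or BearSSL): single-limb Montgomery
 * multiplication in the constant-time style discussed in the thread.
 * Assumptions: the modulus n is odd and < 2^31, so that every
 * intermediate fits in uint64_t; operands a, b are already reduced (< n).
 * Only n itself is treated as public; a and b may be secret. */
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint32_t n;      /* odd modulus, public, n < 2^31 */
    uint32_t nprime; /* -n^{-1} mod 2^32 */
    uint32_t r2;     /* R^2 mod n with R = 2^32, used for conversion */
} mont_ctx;

/* Compute -n^{-1} mod 2^32 by Newton iteration: n*n == 1 (mod 8) for odd n
 * gives 3 correct bits, and each step doubles the precision (3,6,12,24,48).
 * All operations wrap modulo 2^32; the loop count is fixed and there are
 * no data-dependent branches. */
static uint32_t mont_nprime(uint32_t n)
{
    uint32_t inv = n;
    int i;
    for (i = 0; i < 4; i++) {
        inv = inv * (uint32_t)(2u - n * inv);
    }
    return (uint32_t)(0u - inv);
}

/* Set up the context. The '%' here runs on public values only (n and the
 * constant R), so its variable timing leaks nothing secret. */
static void mont_init(mont_ctx *ctx, uint32_t n)
{
    uint32_t r = (uint32_t)((1ULL << 32) % n);       /* R mod n */
    ctx->n = n;
    ctx->nprime = mont_nprime(n);
    ctx->r2 = (uint32_t)(((uint64_t)r * r) % n);     /* R^2 mod n */
}

/* Montgomery reduction: returns t*R^{-1} mod n for t < n*R.
 * The final "subtract n if >= n" is done with a mask derived from the
 * borrow bit instead of an if, so control flow and memory access do not
 * depend on the (possibly secret) value of t. */
static uint32_t mont_redc(const mont_ctx *ctx, uint64_t t)
{
    uint32_t m = (uint32_t)t * ctx->nprime;             /* mod 2^32 */
    uint64_t u = t + (uint64_t)m * ctx->n;              /* low 32 bits are 0 */
    uint64_t v = u >> 32;                               /* 0 <= v < 2n */
    uint64_t d = v - ctx->n;                            /* wraps if v < n */
    uint64_t mask = 0 - (d >> 63);                      /* all-ones iff v < n */
    return (uint32_t)(d + (ctx->n & mask));
}

/* a*b*R^{-1} mod n for a, b < n (both may be secret). */
static uint32_t mont_mul(const mont_ctx *ctx, uint32_t a, uint32_t b)
{
    return mont_redc(ctx, (uint64_t)a * b);
}

/* Conversion into and out of Montgomery form. */
static uint32_t mont_to(const mont_ctx *ctx, uint32_t a)
{
    return mont_mul(ctx, a, ctx->r2);   /* a * R^2 * R^{-1} = aR mod n */
}

static uint32_t mont_from(const mont_ctx *ctx, uint32_t am)
{
    return mont_mul(ctx, am, 1);        /* aR * 1 * R^{-1} = a mod n */
}

/* Plain modular product a*b mod n built from the primitives above. */
uint32_t ct_mulmod(uint32_t a, uint32_t b, uint32_t n)
{
    mont_ctx ctx;
    uint32_t am, bm;
    mont_init(&ctx, n);
    am = mont_to(&ctx, a);
    bm = mont_to(&ctx, b);
    return mont_from(&ctx, mont_mul(&ctx, am, bm));
}

int main(void)
{
    /* constructed sample values: n = 2^31 - 1 (odd, below the 2^31 bound) */
    uint32_t n = 2147483647u;
    uint32_t a = 123456789u, b = 987654321u;
    printf("%u * %u mod %u = %u\n", a, b, n, ct_mulmod(a, b, n));
    return 0;
}
```

The property to check when reviewing such code is that nothing after mont_init depends on a or b except through arithmetic: no branch, no array index, no early return. A real multi-limb version would keep the same shape, with the masked conditional subtraction applied limb by limb. One caveat the thread does not cover: on CPUs whose integer multiplier has operand-dependent latency, even this branch-free code is not constant-time, which is why constant-time libraries tend to document the platforms they target.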