Open randombit opened 3 weeks ago
This way Clang never sees donna128 and can't do it's nasty/smart optimizations.
donna128
This assumes _BitInt is constant time which it is on x86-64 but I should check RISC-V32 since that seems worst case (32 bit, no carry bit) [*]
[*] And if _BitInt is not ct on RISCV that probably prevent using it for word3 also
word3
This way Clang never sees
donna128and can't do it's nasty/smart optimizations.This assumes _BitInt is constant time which it is on x86-64 but I should check RISC-V32 since that seems worst case (32 bit, no carry bit) [*]
[*] And if _BitInt is not ct on RISCV that probably prevent using it for
word3also