dragonsinth closed this 7 years ago
Looks good! Definitely an improvement on my suggestion.
The only issue I might have with it: some operations in the secure version now depend on the sign of the exponent. Thus, timing attacks might reveal the sign of the exponent, which might or might not be an issue depending on context, but that's precisely what we'd like to avoid in the secure version, right?
I don't think it should be a big problem, the cost of the modPow should dwarf everything else in any case where it could matter. @JakeWharton any thoughts?
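The concern raised in the two comments above is that a branch on the sign of the exponent changes which operations run, and the difference is observable through timing even when the modPow itself dominates the cost. The following is an added illustration, not code from this PR or from the project: it contrasts a sign-dependent wrapper (inverse computed only for negative exponents) with one that performs the same sequence of operations for either sign and selects the result arithmetically. Function names, the operation trace, and the sample modulus are assumptions for this illustration; Python's `pow` is not itself constant-time, so the point shown is the structure of the code path, not wall-clock behaviour.

```python
# Added illustration (not the PR's code): compare a modPow wrapper whose
# operations depend on the exponent's sign with one whose operations do not.
# Each function returns (result, ops), where ops is the list of big-number
# operations performed, so the code-path difference is visible directly.

def modpow_sign_dependent(base, exp, mod):
    """Sign-dependent path: the modular inverse runs only when exp < 0."""
    ops = []
    if exp < 0:
        ops.append("inverse")          # extra work only on the negative path
        base = pow(base, -1, mod)
        exp = -exp
    ops.append("modpow")
    return pow(base, exp, mod), ops


def modpow_sign_uniform(base, exp, mod):
    """Sign-independent path: always compute the inverse and always derive |exp|,
    then pick the operands with arithmetic rather than a branch.

    Assumes mod is prime (or base is otherwise invertible mod mod), because the
    inverse is computed unconditionally."""
    ops = ["inverse", "modpow"]        # same trace regardless of sign
    neg = int(exp < 0)                 # 0 or 1 (a real implementation would derive this without a data-dependent branch)
    inv = pow(base, -1, mod)           # always computed
    sel_base = base + neg * (inv - base)   # base when neg == 0, inv when neg == 1
    abs_exp = exp - 2 * neg * exp          # |exp| without a branch
    return pow(sel_base, abs_exp, mod), ops


if __name__ == "__main__":
    P = 1000003  # constructed sample modulus (prime)
    for e in (5, -5):
        r_dep, ops_dep = modpow_sign_dependent(3, e, P)
        r_uni, ops_uni = modpow_sign_uniform(3, e, P)
        print(e, r_dep == r_uni, ops_dep, ops_uni)
```

Both wrappers return the same value; only the uniform one performs the same operations for a positive and a negative exponent, which is the property the comment above asks for in the secure version.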
I don't know enough to have an opinion. I can try to find someone that would if it's needed.
@thhofer please take a look at this version