> On Wednesday, November 4, 2015 at 12:56:12 PM UTC-5, jean-pierre.muench wrote:
>>
>> Interesting idea, although I fear that a timing side channel may remain
>> (two dozen carries may take longer than no carry) and thereby not fix
>> the problem (if I'm reading things right).
>>
>
> Forgot to mention... An ADC will work nicely here
> (http://www.fermimn.gov.it/linux/quarta/x86/adc.htm). There might even be
> an intrinsic for it.
>
> Are you proposing something like the following?
>
> void IncrementCounterByOne(byte *in, byte *out, unsigned int size)
> {
>     byte cf = _addcarry_u8(0, 1, in[size-1], &in[size-1]); // make the initial addition
>     for (int i = size-2; i >= 0; --i)
>     {
>         cf = _addcarry_u8(cf, 0, in[i], &in[i]); // carry it over until the very end
>     }
>     memmove(out, in, size);
> }
>
> This should run in constant time, assuming _addcarry_u8 runs in constant
> time.
> I've tested this and it produces correct results.
>
Yeah, something like that should be fine. In that particular overload, I *think* `in` is a `const byte*`, so you probably cannot write to it. But I'd need to check.

Jeff

--
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to cryptopp-users-unsubscr...@googlegroups.com.
More information about Crypto++ and this group is available at http://www.cryptopp.com.
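As an added illustration of the constant-time increment the thread is discussing (not code from the thread or from Crypto++): a branch-free big-endian counter increment that derives the carry arithmetically instead of relying on an `_addcarry` intrinsic, next to the early-exit form whose loop length depends on the counter value. The `byte` typedef, the function names and the check vectors are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

typedef unsigned char byte;

/* Constant-time increment of a big-endian counter (e.g. a CTR-mode block).
   Every byte is visited on every call and the carry is computed arithmetically,
   so neither the iteration count nor the branch pattern depends on the data.
   Returns the carry out of the top byte (1 only when the counter wraps to zero). */
byte IncrementCounterByOneCT(const byte *in, byte *out, size_t size)
{
    unsigned int carry = 1;                      /* the "+1" enters as the initial carry */
    for (size_t i = size; i-- > 0; ) {           /* least significant byte first */
        unsigned int sum = (unsigned int)in[i] + carry;
        out[i] = (byte)sum;                      /* low 8 bits of the byte sum */
        carry  = sum >> 8;                       /* 0 or 1, no comparison or branch */
    }
    return (byte)carry;
}

/* Early-exit variant shown for contrast: it stops at the first byte that does
   not roll over, so the work done (returned here as a byte count) depends on the
   counter value. That data-dependent loop length is the timing side channel. */
size_t IncrementCounterByOneNaive(byte *counter, size_t size)
{
    size_t touched = 0;
    for (size_t i = size; i-- > 0; ) {
        ++touched;
        if (++counter[i] != 0)
            break;
    }
    return touched;
}

/* Constructed check vectors (not from the thread); returns 1 when all cases pass. */
int SelfTest(void)
{
    byte a[4]     = { 0x00, 0x00, 0x00, 0xFF }, o[4];
    byte b[4]     = { 0xFF, 0xFF, 0xFF, 0xFF };
    byte exp_a[4] = { 0x00, 0x00, 0x01, 0x00 };
    byte exp_b[4] = { 0x00, 0x00, 0x00, 0x00 };
    byte c[4]     = { 0x00, 0x00, 0x00, 0x01 }, d[4] = { 0x00, 0xFF, 0xFF, 0xFF };

    if (IncrementCounterByOneCT(a, o, 4) != 0 || memcmp(o, exp_a, 4) != 0) return 0;
    if (IncrementCounterByOneCT(b, o, 4) != 1 || memcmp(o, exp_b, 4) != 0) return 0;
    /* The naive version touches 1 byte for a low counter but all 4 for a long carry. */
    if (IncrementCounterByOneNaive(c, 4) != 1 || IncrementCounterByOneNaive(d, 4) != 4) return 0;
    return 1;
}
```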