On Fri, Apr 3, 2015 at 11:48 AM, Michael Hamburg <[email protected]> wrote:
> It may be that if your tool chooses carefully the optimization passes — or > even avoids most of them entirely — you could get constant-time operation. > But I don’t know enough about LLVM’s codegen to be sure one way or the > other. At least until recently, though, it was absolutely terrible at > things like add-with-carry intrinsics. (Not necessarily making them > variable time, but lowering add; addc to add; setc; zext; add; add.) > > — Mike > I asked the Rust developers to ask the LLVM developers if it's possible to have LLVM produce guaranteed constant time code. I wasn't privy to the conversation, but my understanding is the tl;dr: was "no" -- Tony Arcieri
_______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
