That certainly answers that. Disappointing!

Irene

On Fri, Apr 3, 2015 at 12:01 PM Tony Arcieri <[email protected]> wrote:

> On Fri, Apr 3, 2015 at 11:48 AM, Michael Hamburg <[email protected]> wrote:
>
>> It may be that if your tool chooses carefully the optimization passes —
>> or even avoids most of them entirely — you could get constant-time
>> operation. But I don’t know enough about LLVM’s codegen to be sure one way
>> or the other. At least until recently, though, it was absolutely terrible
>> at things like add-with-carry intrinsics. (Not necessarily making them
>> variable time, but lowering add; addc to add; setc; zext; add; add.)
>>
>> — Mike
>
> I asked the Rust developers to ask the LLVM developers if it's possible to
> have LLVM produce guaranteed constant time code. I wasn't privy to the
> conversation, but my understanding is the tl;dr: was "no"
>
> --
> Tony Arcieri

_______________________________________________
Curves mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/curves
