I implemented a precomputation method for speeding up exponentiation
and got it working today. I spent some time researching the options
in this space on Thursday (which took up time, unfortunately) and I am
comfortable with what I've gone with. It should not be vulnerable to
a timing attack, it uses pre-1994 algorithms, it has been well tested,
and it doesn't have any memory leaks.

Next, I will need to integrate this into the rest of the code. I am
thinking of writing a function like this:

    /*
     * ec_group_expH_generator(C, result, exp) computes g^exp, where
     * g is the generator of the group C, and sets result to that value
     */
    int ec_group_expH_generator(const ec_group *C, ec_group_elementH *result,
                                const BIGNUM *exp);

This function will use the precomputation functions, if they are
available for that group. Otherwise, it will use the regular
exponentiation function ec_group_expH_windowed().

I will need to add a pointer to the generator-exponentiation context
into the curve structure, and add some calls to initialize that
pointer. I will make an option (compile time seems the best) to omit
this optimization for wimpy platforms that can't stand to store or fetch
17Kb (that's the size of the precomputed data for P521).

I will also need to then change some calls to
ec_group_expH_windowed() to calls to ec_group_expH_generator().

David
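
An added sketch (not part of the original message and not OpenSSL code) of the dispatch described above: use a precomputed generator table when the group has one, otherwise fall back to generic exponentiation. It assumes a toy group of integers mod p = 2^31 - 1 and a plain fixed-base window table, which is not necessarily the precomputation method the message refers to; every name in it is hypothetical.

```c
/* Added illustration; all names are hypothetical, not OpenSSL's API. */
#include <stdint.h>
#include <stddef.h>

#define P 2147483647ULL   /* toy modulus 2^31-1 (assumption for the demo) */
#define WINDOWS 8         /* 32-bit exponent, 4 bits per window */

typedef struct { uint64_t t[WINDOWS][16]; } gen_precomp; /* t[i][j] = g^(j*16^i) */
typedef struct { uint64_t g; const gen_precomp *pre; } toy_group; /* pre may be NULL */

static uint64_t mulmod(uint64_t a, uint64_t b) { return (a * b) % P; }

/* Generic fallback: plain square-and-multiply (branches on exponent bits). */
uint64_t toy_exp(uint64_t base, uint32_t e) {
    uint64_t r = 1;
    for (; e; e >>= 1, base = mulmod(base, base))
        if (e & 1) r = mulmod(r, base);
    return r;
}

void toy_precompute(gen_precomp *pre, uint64_t g) {
    uint64_t step = g;                       /* g^(16^i) */
    for (int i = 0; i < WINDOWS; i++) {
        pre->t[i][0] = 1;
        for (int j = 1; j < 16; j++) pre->t[i][j] = mulmod(pre->t[i][j - 1], step);
        step = mulmod(pre->t[i][15], step);  /* g^(16^(i+1)) */
    }
}

/* Read row[digit] while touching every entry, so the memory access
 * pattern does not depend on the secret digit. */
static uint64_t ct_select(const uint64_t row[16], uint32_t digit) {
    uint64_t out = 0;
    for (uint32_t j = 0; j < 16; j++) {
        uint64_t mask = (uint64_t)0 - (uint64_t)(((j ^ digit) - 1) >> 31);
        out |= row[j] & mask;                /* mask is all ones only when j == digit */
    }
    return out;
}

/* Dispatcher: use the table when the group has one, else fall back. */
uint64_t toy_exp_generator(const toy_group *grp, uint32_t e) {
    if (grp->pre == NULL) return toy_exp(grp->g, e);
    uint64_t r = 1;
    for (int i = 0; i < WINDOWS; i++)        /* one multiply per window, no squarings */
        r = mulmod(r, ct_select(grp->pre->t[i], (e >> (4 * i)) & 15));
    return r;
}
```

The table path always performs the same eight table scans and eight multiplications regardless of the exponent; the `%`-based `mulmod` is toy arithmetic and stands in for a real constant-time field multiplication.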