I am trying to implement a double-and-add point scalar multiplication function that does not leak information and possibly performs in constant time. However, the fact that it does not leak information is the important part.
I ask if someone can help me out and perhaps fix the code below so that it does not leak information. I have noticed that for different scalar sizes the function takes different times to compute, which is insecure.
Any help, please?
def point_scalar_multiplication_double_and_add(a, b, p, x, y, scalar):
    """
    Implement point multiplication with a scalar:
        r * (x, y) = (x, y) + ... + (x, y)    (r times)

    Reminder of the double and multiply algorithm: r * P
        Q = inf
        for i = 0 to num_bits(P)-1
            if bit i of P == 1 then
                Q = Q + P
            P = 2 * P
        return Q
    """
    Q = (None, None)   # point at infinity
    P = (x, y)         # running multiple of the input point
    binary = bin(scalar)

    # The loop length follows the scalar's own bit length
    for i in range(scalar.num_bits()):
        # Walk the bits from least to most significant
        if binary[scalar.num_bits()-i+1] == '1':
            Q = point_add(a, b, p, Q[0], Q[1], P[0], P[1])
            #print Q
            pass
        P = point_double(a, b, p, P[0], P[1])
        pass
    return Q
Try this. I hard-coded the bit count to avoid leaking based on the value of the scalar, and tried to balance the instructions regardless of whether or not an action is taken.
I can't find 'num_bits' documented, so I assume scalar is an object of some kind. Please adjust the num_bits constant to the maximum size of your scalar value (at least, the max you intend to use).
In the few places I did find mention of numbits online, it referred to the number of active bits, which would tend to leak data if used (e.g., scalar(1).num_bits() != scalar(1000).num_bits()).
Edited:

def point_scalar_multiplication_double_and_add(a, b, p, x, y, scalar):
    """
    Implement point multiplication with a scalar:
        r * (x, y) = (x, y) + ... + (x, y)    (r times)

    Reminder of the double and multiply algorithm: r * P
        Q = inf
        for i = 0 to num_bits(P)-1
            if bit i of P == 1 then
                Q = Q + P
            P = 2 * P
        return Q
    """
    Q = (None, None)
    Q2 = Q
    P = (x, y)

    binary = bin(scalar)
    binary = binary[2:]  # get rid of 0b

    num_bits = 64
    # pre-pad binary with 0s - 1010 becomes 0000000...00001010
    binary = '0' * (num_bits - len(binary)) + binary

    # reverse binary and iterate on bits
    # (the loop variable is named bit so it does not shadow the curve parameter b)
    for bit in binary[::-1]:
        Q2 = point_add(a, b, p, Q[0], Q[1], P[0], P[1])
        if bit == '1':
            Q = Q2
        else:
            Q2 = Q  # useless, but balances instruction count

        P = point_double(a, b, p, P[0], P[1])

    return Q
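The difference between the two loops above can be checked by counting group operations instead of timing them. This is an added example, not code from the question or the answer; the toy curve y^2 = x^3 + 2x + 3 over F_97, the base point (3, 6), and the names `add`, `mul_leaky` and `mul_fixed` are assumptions made here, and it needs Python 3.8+ for `pow(x, -1, p)`.

```python
# Toy curve y^2 = x^3 + 2x + 3 over F_97, base point (3, 6) of order 5.
# Constructed sample values for this example; far too small for real use.
A, PRIME, G = 2, 97, (3, 6)
INF = (None, None)
NUM_BITS = 64  # fixed loop length; must cover the largest scalar in use

def add(P0, P1):
    """Affine point addition, covering infinity, inverses and doubling."""
    if P0 == INF:
        return P1
    if P1 == INF:
        return P0
    (x0, y0), (x1, y1) = P0, P1
    if x0 == x1 and (y0 + y1) % PRIME == 0:
        return INF
    if P0 == P1:
        lam = (3 * x0 * x0 + A) * pow(2 * y0, -1, PRIME) % PRIME
    else:
        lam = (y1 - y0) * pow(x1 - x0, -1, PRIME) % PRIME
    x2 = (lam * lam - x0 - x1) % PRIME
    return (x2, (lam * (x0 - x2) - y0) % PRIME)

def mul_leaky(k):
    """Loop shape of the question: work depends on the scalar itself."""
    Q, P, adds, doubles = INF, G, 0, 0
    for i in range(k.bit_length()):      # iterations = bit length of k
        if (k >> i) & 1:                 # additions = Hamming weight of k
            Q = add(Q, P)
            adds += 1
        P = add(P, P)
        doubles += 1
    return Q, adds, doubles

def mul_fixed(k):
    """Loop shape of the answer: NUM_BITS additions and doublings, always."""
    Q, P, adds, doubles = INF, G, 0, 0
    for i in range(NUM_BITS):
        Q2 = add(Q, P)                   # computed for every bit
        adds += 1
        Q = Q2 if (k >> i) & 1 else Q    # keep or discard the sum
        P = add(P, P)
        doubles += 1
    return Q, adds, doubles

if __name__ == "__main__":
    for k in (1, 1000, 2**63 + 1):
        print(k, mul_leaky(k)[1:], mul_fixed(k)[1:])
```

The counts cover group operations only: `add` still returns early for the point at infinity and Python integers are not constant-time, so equal counts do not by themselves show equal running time.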