From f044d8a476a686b0d9142b774d15f4a3e11a2f4a Mon Sep 17 00:00:00 2001
From: mratsim
Date: Fri, 16 Feb 2018 17:02:09 +0100
Subject: [PATCH] Add note about branchless shift being cryptographically preferable

---
 src/uint_bitwise_ops.nim | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/uint_bitwise_ops.nim b/src/uint_bitwise_ops.nim
index 5f4b77b..1e6fd84 100644
--- a/src/uint_bitwise_ops.nim
+++ b/src/uint_bitwise_ops.nim
@@ -74,6 +74,9 @@ proc `shr`*[T: MpUint](x: T, y: SomeInteger): T {.noInit, noSideEffect.}=
 #
 # Quick testing on MpUint[uint32] on x86_64 with Clang shows that it is somewhat slower
 # Fast shifting is key to fast division and modulo operations
+#
+# Note: Using branchless shift will help preventing timing attacks / be more robust cryptography-wise
+# Note2: It's a mess to maintain/read/update
 #
 # proc `shl`*[T: MpUint](x: T, y: SomeInteger): T {.noInit, noSideEffect.}=
 # ## Compute the `shift left` operation of x and y
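Review bot: The added notes praise branchless shifting for resisting timing attacks, yet in this hunk the branchless variant appears to be the commented-out `# proc `shl`*...` block, so the comment never states what guarantee the live `shl`/`shr` actually provide. A reader skimming the file could take "branchless ... prevents timing attacks" as a property of the active code; the note should say explicitly, for example `# The active shl/shr are NOT the branchless variant and make no constant-time guarantee for secret-dependent shift amounts.` The `shr` proc named in the hunk header begins outside the hunk, so that wording should be checked against its real body before landing. Minor grammar on the first added line: "will help prevent timing attacks".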