Add note about branchless shift being cryptographically preferable

2018-02-16 17:02:09 +01:00 · 2018-02-16 17:02:09 +01:00 · f044d8a476
parent 5886d76ebc
commit f044d8a476
1 changed files with 3 additions and 0 deletions
--- a/src/uint_bitwise_ops.nim
+++ b/src/uint_bitwise_ops.nim
@ -74,6 +74,9 @@ proc `shr`*[T: MpUint](x: T, y: SomeInteger): T {.noInit, noSideEffect.}=
 #
 # Quick testing on MpUint[uint32] on x86_64 with Clang shows that it is somewhat slower
 # Fast shifting is key to fast division and modulo operations
+#
+# Note: Using branchless shift will help preventing timing attacks / be more robust cryptography-wise
+# Note2: It's a mess to maintain/read/update

 # proc `shl`*[T: MpUint](x: T, y: SomeInteger): T {.noInit, noSideEffect.}=
 #   ## Compute the `shift left` operation of x and y