From d78d99738fc727f2efea7b99f6bc3cc9a083dca1 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Fri, 14 Sep 2018 18:04:22 +0700
Subject: Reduce single-bit extractions from scalars
---
 crypto/src/math/ec/multiplier/FixedPointCombMultiplier.cs | 8 +++++---
 crypto/src/math/ec/rfc8032/Ed448.cs | 5 +++--
 2 files changed, 8 insertions(+), 5 deletions(-)
(limited to 'crypto')
diff --git a/crypto/src/math/ec/multiplier/FixedPointCombMultiplier.cs b/crypto/src/math/ec/multiplier/FixedPointCombMultiplier.cs
index 505832442..37e5b5c29 100644
--- a/crypto/src/math/ec/multiplier/FixedPointCombMultiplier.cs
+++ b/crypto/src/math/ec/multiplier/FixedPointCombMultiplier.cs
@@ -37,15 +37,17 @@ namespace Org.BouncyCastle.Math.EC.Multiplier
             int top = fullComb - 1;
             for (int i = 0; i < d; ++i)
             {
-                int secretIndex = 0;
+                uint secretIndex = 0;
                 for (int j = top - i; j >= 0; j -= d)
                 {
+                    uint secretBit = K[j >> 5] >> (j & 0x1F);
+                    secretIndex ^= secretBit >> 1;
                     secretIndex <<= 1;
-                    secretIndex |= (int)Nat.GetBit(K, j);
+                    secretIndex ^= secretBit;
                 }
-                ECPoint add = lookupTable.Lookup(secretIndex);
+                ECPoint add = lookupTable.Lookup((int)secretIndex);
                 R = R.TwicePlus(add);
             }
diff --git a/crypto/src/math/ec/rfc8032/Ed448.cs b/crypto/src/math/ec/rfc8032/Ed448.cs
index 0e56b12a8..c1c0788a7 100644
--- a/crypto/src/math/ec/rfc8032/Ed448.cs
+++ b/crypto/src/math/ec/rfc8032/Ed448.cs
@@ -971,8 +971,9 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             uint w = 0;
             for (int t = 0; t < PrecompTeeth; ++t)
             {
-                uint tBit = (n[tPos >> 5] >> (tPos & 0x1F)) & 1U;
-                w |= tBit << t;
+                uint tBit = n[tPos >> 5] >> (tPos & 0x1F);
+                w &= ~(1U << t);
+                w ^= (tBit << t);
                 tPos += PrecompSpacing;
             }
-- 
cgit 1.4.1
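Review bot: The three-statement update of `secretIndex` in the inner `j` loop of the FixedPointCombMultiplier hunk is correct only because of a cancellation that is stated nowhere: `secretBit` still carries every bit of `K[j >> 5]` above the selected one, and `secretIndex ^= secretBit >> 1; secretIndex <<= 1; secretIndex ^= secretBit;` relies on `(secretBit >> 1) << 1` being `secretBit` with bit 0 cleared, so the two XORs cancel the junk and leave `secretIndex = (secretIndex << 1) | bit`. Reordering or "simplifying" any one of those three lines (for example masking `secretBit` with `& 1U` and dropping the first XOR, or moving the shift) silently yields a wrong table index, so I would annotate the first XOR with `// secretBit is unmasked; the two XORs cancel its high bits, net effect (secretIndex << 1) | bit`. Note also that `K[j >> 5]` now indexes the word array directly where the old `Nat.GetBit(K, j)` went through a helper, so `K` must hold at least `(top >> 5) + 1` words for every `top` — presumably guaranteed by the allocation earlier in the method, which is outside this hunk and which I cannot verify here. The enclosing method begins and ends outside the hunk.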
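Review bot: After the `t` loop in the Ed448 hunk, `w` is no longer a clean PrecompTeeth-bit value: `tBit` now keeps all bits of `n[tPos >> 5]` above position `tPos & 0x1F`, and `w ^= (tBit << t)` scatters them into the positions above `t`, which is exactly why the new `w &= ~(1U << t)` has to clear bit `t` before each XOR. Every bit of `w` at or above PrecompTeeth is therefore junk from the scalar word, and correctness now depends on the consumer masking `w` down to PrecompTeeth bits (something like an `& PrecompMask` in the sign/magnitude extraction), which lies below this hunk and I cannot confirm from here. I would record that invariant next to the loop: `// tBit is unmasked: bits 0..PrecompTeeth-1 of w are correct, higher bits are junk and must be masked off by the code that consumes w`. The enclosing function continues outside the hunk.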