Less Leaky ECDSA signature generation (in master)
NIIBE Yutaka
gniibe at fsij.org
Mon Mar 31 03:00:40 CEST 2025
Hello,
Thank you for your correction.
On Fri, Mar 28, 2025 at 10:21:43AM +0900, I (NIIBE Yutaka) wrote:
> While, arbitrary integers can be represented in the MPI representation,
> for a specific curve, the finite field is the one of integers module P
> (P: a prime defined by the curve). Thus, for an ECC point, we can keep
> the integer value in the range from 0 to P-1. For an intermediate value
> of integer (like multiplication), 2*P is enough size.
Ian Goldberg wrote:
> Do you mean P^2, not 2*P, as the bound of the intermediate result of a
> multiplication?
Yes. It means P^2. (I tried to say: it is enough to have memory, which
size is 2 * size of P.)
--
More information about the Gcrypt-devel
mailing list