On Wed 2013-02-13 at 16:34 +0100, Niels Möller wrote:
> While for verify, we're a little behind. And my code tries hard to be side-channel silent (even for verify, where it doesn't matter).
Why is that? Is it because you re-use code that is also used by signing? Maybe it makes sense to implement the time consuming functions in a side-channel leaky (but faster) way for use with verify? It will make the code somewhat bigger, but I'm not sure anyone cares.
Btw, it would be nice to compare with GnuTLS' ECDSA as well, it contains some nice optimizations.
/Simon