Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> writes:
Hi, Some comments on the 3.3 plan:
- Add larger "safe" curves, e.g., M-383, curve41417, curve448 and E-521.
I think curve448 should be prioritized over anything else since it seems to be the only thing being standardized at the moment by CFRG: https://tools.ietf.org/html/rfc7748
Makes sense. IIRC, the corresponding Edwards curve for curve448 needs slightly different equations for scalar multiply with a fixed point.
Side-channel silent mem_equalp.
Do you mean a function with run time independent of its input values?
Exactly.
I have such a function at gnutls: https://gitlab.com/gnutls/gnutls/blob/master/lib/safe-memfuncs.c#L70
Difficulty is proper naming... Since it doesn't distinguish between lexically smaller and larger like memcmp, I don't think it should be named like *_memcmp. And we also need a name for the nettle header file.
Regards, /Niels
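
An added example, not code from this message, from GnuTLS or from Nettle: a C sketch of the kind of comparison discussed above, with run time independent of the input values and a result that is only equal or not equal, shown next to an early-exit loop for contrast. The names `ct_mem_equal` and `early_exit_examined` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical name. Returns 1 if the n bytes at a and b are equal, else 0.
   Every byte is read and no branch depends on the data, so the running
   time depends only on n. volatile discourages the compiler from
   turning the loop into one with an early exit. */
int ct_mem_equal(const void *a, const void *b, size_t n)
{
  const volatile unsigned char *pa = a;
  const volatile unsigned char *pb = b;
  unsigned diff = 0;
  size_t i;

  for (i = 0; i < n; i++)
    diff |= (unsigned) (pa[i] ^ pb[i]);
  /* diff is 0..255; diff - 1 wraps to all ones only for diff == 0,
     so bit 8 of diff - 1 is the branch-free "equal" flag. */
  return (int) (((diff - 1) >> 8) & 1);
}

/* For contrast: early-exit comparison. Returns how many bytes it examined,
   i.e. the data-dependent work that a timing measurement reflects. */
size_t early_exit_examined(const void *a, const void *b, size_t n)
{
  const unsigned char *pa = a, *pb = b;
  size_t i;

  for (i = 0; i < n; i++)
    if (pa[i] != pb[i])
      return i + 1;
  return n;
}

int main(void)
{
  /* Constructed sample values: a MAC and two mismatching values. */
  const unsigned char mac[4]  = { 0x10, 0x20, 0x30, 0x40 };
  const unsigned char low[4]  = { 0x10, 0x20, 0x30, 0x3f };
  const unsigned char high[4] = { 0x11, 0x20, 0x30, 0x40 };

  /* memcmp orders its inputs; ct_mem_equal only says equal or not. */
  printf("memcmp sign: %d %d\n", memcmp(low, mac, 4) < 0, memcmp(high, mac, 4) > 0);
  printf("ct_mem_equal: %d %d %d\n", ct_mem_equal(mac, mac, 4),
         ct_mem_equal(low, mac, 4), ct_mem_equal(high, mac, 4));
  printf("early exit examined: %zu %zu\n", early_exit_examined(low, mac, 4),
         early_exit_examined(high, mac, 4));
  return 0;
}
```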