Simon Josefsson <simon@josefsson.org> writes:

> Why is that? Is it because you re-use code that is also used by signing?

Exactly, for now I stick to using the same primitives.

> Maybe it makes sense to implement the time consuming functions in a side-channel leaky (but faster) way for use with verify? It will make the code somewhat bigger, but I'm not sure anyone cares.

It would certainly make sense to use separate functions for verifying (or other computations on public values only), but I think I'd like to integrate the current code in Nettle first. And there are other possible optimizations too, so I think one should go for the lowest hanging fruit first.

> Btw, it would be nice to compare with GnuTLS' ECDSA as well, it contains some nice optimizations.

Do you have an example on how to do that? Corresponding to the (quite ugly) openssl interface at https://www.openssl.org/docs/crypto/ecdsa.html, including an almost working example. I have to admit that I'm not very familiar with gnutls, so I'm probably not looking at the right places.
Regards, /Niels