[curves] Distribution-ready optimized code
Irene Knapp
ireneista at gmail.com
Fri Apr 3 12:02:23 PDT 2015
That certainly answers that. Disappointing!
Irene
On Fri, Apr 3, 2015 at 12:01 PM Tony Arcieri <bascule at gmail.com> wrote:
> On Fri, Apr 3, 2015 at 11:48 AM, Michael Hamburg <mike at shiftleft.org>
> wrote:
>
>> It may be that if your tool chooses carefully the optimization passes —
>> or even avoids most of them entirely — you could get constant-time
>> operation. But I don’t know enough about LLVM’s codegen to be sure one way
>> or the other. At least until recently, though, it was absolutely terrible
>> at things like add-with-carry intrinsics. (Not necessarily making them
>> variable time, but lowering add; addc to add; setc; zext; add; add.)
>>
>> — Mike
>>
>
> I asked the Rust developers to ask the LLVM developers if it's possible to
> have LLVM produce guaranteed constant time code. I wasn't privy to the
> conversation, but my understanding is the tl;dr: was "no"
>
>
> --
> Tony Arcieri
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20150403/d3ded4c9/attachment.html>
More information about the Curves
mailing list