[curves] Constant-time big-integer support in Go standard library

Bryan Ford brynosaurus at gmail.com
Sat Jul 8 09:51:21 PDT 2017


For those of you who use or might use Go for public-key crypto, there’s a GitHub discussion I’d like to draw your attention to:

	proposal: math/big: support for constant-time arithmetic
	https://github.com/golang/go/issues/20654

The brief summary is that Go has big-integer (‘big.Int’) support in the standard library, which is used by the public-key crypto APIs in the standard library (e.g., crypto/rsa, crypto/dsa, crypto/ecdsa) - unsafely, because big.Int currently doesn’t even make any attempt to support constant-time operation.  My proposal, which launched the above thread, tries to identify and begin to prototype a reasonable, backward-compatible but general way of enhancing Go’s big.Int type to support constant-time operation as needed by crypto arithmetic.

Most of the current discussion participants are Go language and/or compiler people; the discussion might benefit from the perspectives of a hard-core cryptographer or two.  Especially if any of you know of “examples of interesting or important projects” using Go that would benefit from constant-time big-number arithmetic, it would be great if you could chime in.

Of course the thread’s primary focus is Go, but the discussion touches on many issues that are broadly relevant (and difficult) across languages, such as methods of testing whether the compiler-generated code “really” is constant-time with respect to sensitive inputs.

Thanks
Bryan
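
An added illustration of the point in the message above (not part of the original post and not code from the Go proposal): big.Int strips leading zero words, so two secrets of the same encoded size can occupy different numbers of words, while a fixed four-limb layout does not. The helper names and the two sample scalars are constructed for this example, and the fixed-limb layout is an assumption about one common approach, not the proposal's design.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"math/big"
)

// wordCount returns how many machine words big.Int stores for x.
// big.Int strips leading zero words, so the count follows the value,
// and any loop over those words runs a value-dependent number of steps.
func wordCount(x *big.Int) int { return len(x.Bits()) }

// lengthsVary reports whether equally sized encoded secrets end up with
// different internal lengths once loaded into big.Int.
func lengthsVary(secrets [][]byte) bool {
	first := wordCount(new(big.Int).SetBytes(secrets[0]))
	for _, s := range secrets[1:] {
		if wordCount(new(big.Int).SetBytes(s)) != first {
			return true
		}
	}
	return false
}

// fixedLimbs decodes a 32-byte big-endian value into exactly four 64-bit
// limbs (least significant first), whatever the value is.
func fixedLimbs(b [32]byte) [4]uint64 {
	var l [4]uint64
	for i := range l {
		l[i] = binary.BigEndian.Uint64(b[24-8*i:])
	}
	return l
}

// equalLimbs reads every limb and has no early exit on a mismatch.
func equalLimbs(a, b [4]uint64) bool {
	var diff uint64
	for i := range a {
		diff |= a[i] ^ b[i]
	}
	return diff == 0
}

func main() {
	var small, large [32]byte // constructed sample scalars, both 32 bytes
	small[31] = 1             // the value 1
	large[0] = 0x80           // the value 2^255
	fmt.Println("big.Int lengths vary:", lengthsVary([][]byte{small[:], large[:]}))
	fmt.Println("fixed limbs equal:", equalLimbs(fixedLimbs(small), fixedLimbs(large)))
}
```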
