[curves] Distribution-ready optimized code
Tony Arcieri
bascule at gmail.com
Fri Apr 3 12:01:21 PDT 2015
On Fri, Apr 3, 2015 at 11:48 AM, Michael Hamburg <mike at shiftleft.org> wrote:
> It may be that if your tool chooses carefully the optimization passes — or
> even avoids most of them entirely — you could get constant-time operation.
> But I don’t know enough about LLVM’s codegen to be sure one way or the
> other. At least until recently, though, it was absolutely terrible at
> things like add-with-carry intrinsics. (Not necessarily making them
> variable time, but lowering add; addc to add; setc; zext; add; add.)
>
> — Mike
>
I asked the Rust developers to ask the LLVM developers if it's possible to
have LLVM produce guaranteed constant time code. I wasn't privy to the
conversation, but my understanding is the tl;dr: was "no"
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20150403/53e5f3e1/attachment.html>
More information about the Curves
mailing list