[openssl-dev] Partially- vs. full- reduced inputs to ecp_nistz256_neg

Andy Polyakov appro at openssl.org
Mon Aug 22 10:15:48 UTC 2016


>>> * Fix ecp_nistz256_mul_by_2 and ecp_nistz256_mul_by_3 to fully reduce
>>> their outputs.
>>>
>>> * Fix ecp_nistz256_add to fully reduce its output.
>>
>> As for addition specifically, see below. As for fixing mul_by_[23] and
>> the fact that they use addition, there are two ways: a) Modify addition
>> so that it *preserves* the property of being fully reduced and leave
>> mul_by_[23] as is. b) Leave addition as is and add an additional step to
>> mul_by_[23]. The choice of approach can be platform-specific. For
>> example on x86_64 a) is simpler and appears more efficient.

After considering other ecp_nistz256-enabled platforms, a) appears to be the
better choice on all of them. It probably holds universally true, but I would
still mention b) in commentary...
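
An added illustration of options a) and b) from this message, not code from the original post or from OpenSSL: a portable C model of P-256 field addition on four 64-bit limbs. The `preserve` flag, the helper names, the sample input, and the assumption that the partially reducing form subtracts p only on a carry out of 2^256 are all constructs of this example.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t fe[4];                       /* 256-bit value, little-endian limbs */
static const fe P = { 0xffffffffffffffffULL, 0x00000000ffffffffULL,
                      0x0000000000000000ULL, 0xffffffff00000001ULL }; /* P-256 prime */

static uint64_t add256(fe r, const fe a, const fe b) {   /* returns carry out */
    uint64_t c = 0;
    for (int i = 0; i < 4; i++) {
        uint64_t s = a[i] + c, c1 = s < c;
        r[i] = s + b[i];
        c = c1 | (r[i] < s);
    }
    return c;
}
static uint64_t sub256(fe r, const fe a, const fe b) {   /* returns borrow out */
    uint64_t bw = 0;
    for (int i = 0; i < 4; i++) {
        uint64_t d = a[i] - b[i], b1 = a[i] < b[i], b2 = d < bw;
        r[i] = d - bw;
        bw = b1 | b2;
    }
    return bw;
}
/* preserve=0: subtract p only on carry out of 2^256 (assumed partial reduction).
 * preserve=1: option a), also subtract when p <= sum < 2^256 (no borrow from sum - p). */
static void add_mod(fe r, const fe a, const fe b, int preserve) {
    fe s, t;
    uint64_t carry = add256(s, a, b), borrow = sub256(t, s, P);
    uint64_t mask = 0 - (carry | ((uint64_t)(preserve != 0) & (borrow ^ 1)));
    for (int i = 0; i < 4; i++) r[i] = (t[i] & mask) | (s[i] & ~mask); /* branch-free select */
}
static int is_fully_reduced(const fe a) { fe t; return (int)sub256(t, a, P); } /* 1 iff a < p */

static void mul_by_2(fe r, const fe a, int preserve) { add_mod(r, a, a, preserve); }
static void mul_by_3(fe r, const fe a, int preserve) {
    fe d; add_mod(d, a, a, preserve); add_mod(r, d, a, preserve);
}
/* Option b): keep the carry-only addition, add one final conditional subtraction. */
static void mul_by_2_b(fe r, const fe a) {
    fe s, t; add_mod(s, a, a, 0);
    uint64_t mask = sub256(t, s, P) - 1;      /* all ones when s >= p */
    for (int i = 0; i < 4; i++) r[i] = (t[i] & mask) | (s[i] & ~mask);
}

int main(void) {
    fe a = { ~0ULL, ~0ULL, ~0ULL, 0x7fffffffffffffffULL }, r; /* constructed: 2^255 - 1 < p */
    mul_by_2(r, a, 0); printf("carry-only : reduced=%d\n", is_fully_reduced(r));
    mul_by_2(r, a, 1); printf("option a)  : reduced=%d\n", is_fully_reduced(r));
    mul_by_2_b(r, a);  printf("option b)  : reduced=%d\n", is_fully_reduced(r));
    return 0;
}
```

The sample input is chosen so that 2a lands between p and 2^256, the one range where a carry-only check leaves the result unreduced.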
