JDK-8203228

Branch-free output conversion for X25519 and X448

        Description

        The existing X25519 and X448 implementations do not branch during the group operations. However, converting the resulting group element to a byte array currently uses BigInteger. Removing the branching from this operation will make the implementation more resistant to side-channel attacks, and possibly more efficient.

        This is an implementation change only, and the correctness can be verified by running the existing regression tests for X25519/X448 and the underlying field arithmetic.
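
An added example (not code from the JDK or from this issue) of the kind of conversion the description refers to: it fully reduces a field element modulo p = 2^255 - 19 and writes it as 32 little-endian bytes using only shifts, masks and additions, then compares the result with a BigInteger reference. The five 51-bit limb layout, the class name and the constructed inputs are assumptions made for illustration, not the JDK's internal representation.

```java
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

// Added example, not the JDK's code. A field element mod p = 2^255 - 19 is held as five
// non-negative limbs below 2^62 with value = sum(h[i] * 2^(51*i)) (assumed layout).
final class BranchFreeEncode {
    static final long MASK51 = (1L << 51) - 1;
    // Encode h mod p as 32 little-endian bytes; no branch or index depends on the value.
    static byte[] encode(long[] h) {
        long[] l = h.clone();
        // Weak reduction: pass each limb's overflow upward and fold the overflow of
        // limb 4 into limb 0 as 19*c4, since 2^255 = 19 (mod p). The value is now < 2p.
        long c4 = l[4] >>> 51;
        for (int i = 4; i > 0; i--) l[i] = (l[i] & MASK51) + (l[i - 1] >>> 51);
        l[0] = (l[0] & MASK51) + 19 * c4;
        // q = floor((value + 19) / 2^255), which is 1 exactly when value >= p, else 0.
        long q = (l[0] + 19) >>> 51;
        for (int i = 1; i < 5; i++) q = (l[i] + q) >>> 51;
        // Subtract q*p: add 19*q, carry, and drop bit 255 with the final mask.
        l[0] += 19 * q;
        for (int i = 0; i < 4; i++) { l[i + 1] += l[i] >>> 51; l[i] &= MASK51; }
        l[4] &= MASK51;
        // Pack the five 51-bit limbs into four 64-bit little-endian words.
        ByteBuffer out = ByteBuffer.allocate(32).order(ByteOrder.LITTLE_ENDIAN);
        out.putLong(l[0] | (l[1] << 51));
        out.putLong((l[1] >>> 13) | (l[2] << 38));
        out.putLong((l[2] >>> 26) | (l[3] << 25));
        out.putLong((l[3] >>> 39) | (l[4] << 12));
        return out.array();
    }
    public static void main(String[] args) {
        BigInteger p = BigInteger.ONE.shiftLeft(255).subtract(BigInteger.valueOf(19));
        // Constructed inputs around the boundary, plus one with uncarried limbs.
        long[][] inputs = {
            {MASK51 - 19, MASK51, MASK51, MASK51, MASK51},  // p - 1
            {MASK51 - 18, MASK51, MASK51, MASK51, MASK51},  // p
            {MASK51, MASK51, MASK51, MASK51, MASK51},       // 2^255 - 1
            {1L << 60, 3, 0, 5, (1L << 61) + 7},            // limbs not yet carried
        };
        for (long[] h : inputs) {
            BigInteger v = BigInteger.ZERO;  // reference value built with BigInteger
            for (int i = 4; i >= 0; i--) v = v.shiftLeft(51).add(BigInteger.valueOf(h[i]));
            byte[] le = encode(h), be = new byte[32];
            for (int i = 0; i < 32; i++) be[i] = le[31 - i];
            System.out.println(new BigInteger(1, be).equals(v.mod(p)));
        }
    }
}
```

The BigInteger arithmetic appears only in the check inside `main`; `encode` itself performs the same sequence of operations for every input.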

                People

                Assignee:
                apetcher Adam Petcher (Inactive)
                Reporter:
                apetcher Adam Petcher (Inactive)