The purpose of this package is to provide a version of arbitrary sized arithmetic, in a safe (i.e. constant-time) way, for cryptography.
This is experimental software, use at your own peril.
This code reuses some assembly routines from Go's standard library, inside of the
arith*.go. These have been adjusted to remove some non-constant-time codepaths, most of which aren't used anyways.
Integrating with Go
Initially, this code was structured to be relatively straightforwardly patched into Go's standard library. The idea would be to use the
arith*.go files already in Go's
math/big package, and just add a
Unfortunately, this approach doesn't seem to be possible, because of
subVWlarge, which are two non-constant time routines. These are jumped to inside of the assembly code in Go's
math/big routines, so using them would require intrusive modification, which rules out this code living alongside
math/big, and sharing its routines.
Merging things upstream
The easiest path towards merging this work upstream, in all likelihood, is having this package live in
crypto, and duplicating some of the assembly code as necessary.
The rationale here is that
math/big's needs will inevitably lead to situations like this, where a routine is tempted to bail towards a non-constant time variant for large or special inputs. Ultimately, having this code live in
crypto is much more likely to allow us to ensure its integrity. It would also allow us to add assembly specifically tailored for our operations, such as conditional addition, and things like that.
Run with assembly routines:
go test -bench=.
Run with pure Go code:
go test -bench=. -tags math_big_pure_go
arith*.go come from Go's standard library, and are licensed under a BSD license in
LICENSE_go. The rest of the code is under an MIT license.