absolutebi/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-12-11 05:29:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Tweak multiexp to Zeroize points when invoked in constant time, not just scalars

Browse Source
This commit is contained in:
Luke Parker
2025-08-19 22:28:59 -04:00
parent 8a1b56a928
commit 17c1d5cd6b
8 changed files with 18 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
crypto/multiexp/src/pippenger.rs
View File

@@ -7,7 +7,7 @@ use crate::prep_bits;
// Pippenger's algorithm for multiexponentiation, as published in the SIAM Journal on Computing
// DOI: 10.1137/0209022
pub(crate) fn pippenger<G: Group<Scalar: PrimeFieldBits>>(
pub(crate) fn pippenger<G: Zeroize + Group<Scalar: PrimeFieldBits>>(
pairs: &[(G::Scalar, G)],
window: u8,
) -> G {
@@ -25,6 +25,7 @@ pub(crate) fn pippenger<G: Group<Scalar: PrimeFieldBits>>(
for p in 0 .. bits.len() {
buckets[usize::from(bits[p][n])] += pairs[p].1;
}
buckets.zeroize();
let mut intermediate_sum = G::identity();
for b in (1 .. buckets.len()).rev() {