Constant-time code on POWER9 #771

issue real-or-random opened this issue on July 24, 2020
  1. real-or-random commented at 10:27 PM on July 24, 2020: contributor

    GCC 9.2.1 on POWER9 emits a lot of branches for carries in the 32-bit scalar code. :( The issue seems to be similar to the one in the ECDH code. Those comparisons aren't reliably turned into constant time assembly.

    Originally posted by @gmaxwell in #708 (comment)

  2. real-or-random commented at 10:27 PM on July 24, 2020: contributor

    See also http://gnusha.org/secp256k1/2020-01-11.log at 11:29 and 11:37

  3. real-or-random referenced this in commit 10a4b2b34a on Jul 26, 2020
  4. real-or-random referenced this in commit 5b196338f0 on Jul 26, 2020
  5. real-or-random closed this on Jul 28, 2020
  6. real-or-random referenced this in commit 214cb3c321 on Jul 28, 2020
Contributors
real-or-random
Linked (view graph)
#708 Constant-time behaviour test using valgrind memtest.#772 Improve constant-timeness on PowerPC
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-19 06:52 UTC