Adam Langley f23d3ea85a crypto/(ec)dsa: use Fermat's inversion. ... Now that we have a constant-time P-256 implementation, it's worth paying more attention elsewhere. The inversion of k in (EC)DSA was using Euclid's algorithm which isn't constant-time. This change switches to Fermat's algorithm, which is much better. However, it's important to note that math/big itself isn't constant time and is using a 4-bit window for exponentiation with variable memory access patterns. (Since math/big depends quite deeply on its values being in minimal (as opposed to fixed-length) represetation, perhaps crypto/elliptic should grow a constant-time implementation of exponentiation in the scalar field.) R=bradfitz Fixes #7652. LGTM=rsc R=golang-codereviews, bradfitz, rsc CC=golang-codereviews https://golang.org/cl/82740043		2014-04-08 16:32:48 -07:00
..
dsa_test.go	build: remove dead code	2013-03-22 17:28:22 -04:00
dsa.go	crypto/(ec)dsa: use Fermat's inversion.	2014-04-08 16:32:48 -07:00