> Therefore, additional layers of side-channel obfuscation are needed, like standard RSA message blinding, mod argument blinding, exponent blinding.

sure, but I think that should be performed by upper level code, as how you do blinding depends on the algorithm and operation you're performing

I don't think it would be mathematically possible to do any of these blinding operations in mpn_sec_powm. Not unless you successfully factor the modulus operand locally, but that might be a tad bit expensive, in particular if the factoring is to be side channel silent. :-)

-- 
Torbjörn
Please encrypt, key id 0xC8601622
_______________________________________________
gmp-bugs mailing list
gmp-bugs@gmplib.org
https://gmplib.org/mailman/listinfo/gmp-bugs
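
The message and exponent blinding discussed in this thread, done in calling code around a plain modular exponentiation, as an added example that is not from the thread or from GMP. Python's `pow` stands in for `mpn_sec_powm` (it is not constant-time), and the toy key and the names `powm`, `blind`, `unblind` and `private_op` are constructed for illustration.

```python
import math
import secrets

# Constructed toy key built from two Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)   # available only because the caller knows P and Q
E = 65537
D = pow(E, -1, PHI)


def powm(base, exp, mod):
    """Stand-in for the low-level primitive: it sees only (base, exp, mod).

    It has no public exponent and no factorization of mod, which is why
    the blinding below has to live in the caller.
    """
    return pow(base, exp, mod)


def blind(c, blind_bits=64):
    """Return (blinded base, blinded exponent, blinding factor r)."""
    while True:
        r = secrets.randbelow(N - 2) + 2          # r in [2, N-1]
        if math.gcd(r, N) == 1:                   # r must be invertible mod N
            break
    # Message blinding needs the public exponent: c' = c * r^E mod N.
    c_blind = (c * powm(r, E, N)) % N
    # Exponent blinding needs phi(N): d' = d + k*phi(N), with k >= 1.
    d_blind = D + (1 + secrets.randbits(blind_bits)) * PHI
    return c_blind, d_blind, r


def unblind(m_blind, r):
    """Remove the factor r: (c * r^E)^d' = m * r (mod N)."""
    return (m_blind * pow(r, -1, N)) % N


def private_op(c):
    """RSA private operation with both blindings applied around powm."""
    c_blind, d_blind, r = blind(c)
    return unblind(powm(c_blind, d_blind, N), r)
```
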