I think this is a good thing but would still recommend a
belt-and-suspenders approach which uses random blinding in addition to
"constant time" bignums.

The latter seem particularly hard to achieve securely in practice, with a
long history of failure.

Random blinding seems to provide a general defense against a wide range of
side-channel attacks.
-- 
Tony Arcieri
_______________________________________________
Curves mailing list
Curves@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/curves
