[openssl/openssl] 94a4ef: design: Fixed size large numbers
0 views
Skip to first unread message
Richard Levitte
Oct 8, 2025, 9:25:36 AMOct 8
to openssl...@openssl.org
Branch: refs/heads/feature/ossl_fn
Home: https://github.com/openssl/openssl
Commit: 94a4ef317f8a5bd96e8f816155c967b104bf717b
https://github.com/openssl/openssl/commit/94a4ef317f8a5bd96e8f816155c967b104bf717b
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-10-08 (Wed, 08 Oct 2025)
Changed paths:
A doc/designs/fixed-size-large-numbers.md
Log Message:
-----------
design: Fixed size large numbers
For the longest time, we have mitigated security issues related to large
numbers (BIGNUM) and constant time in a piece-meal fashion, without really
looking at the problem from a zoomed out, holistic perspective.
An interesting aspect in this problem is that large numbers can vary in
size, and that depending on their combined sizes, the time to perform
mathematical calculations with them vary equally much, and may thereby
unintentionally leak information on those numbers.
To mitigate that sort of timing issue, we introduce fixed size numbers,
which are designed to have payload sizes that are pre-determined, usually by
the crypto system that uses them. This means that even a very small number
(let's take 1 as a ridiculous example) would have the same size payload as a
much larger number, and calculations using them would perform across all
payload bits of all input numbers combined.
These fixed size numbers primarly differ from BIGNUMs in that once they have
been allocated to a certain size, that size will not change throughout its
lifetime.
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28522)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Home: https://github.com/openssl/openssl
Commit: 94a4ef317f8a5bd96e8f816155c967b104bf717b
https://github.com/openssl/openssl/commit/94a4ef317f8a5bd96e8f816155c967b104bf717b
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-10-08 (Wed, 08 Oct 2025)
Changed paths:
A doc/designs/fixed-size-large-numbers.md
Log Message:
-----------
design: Fixed size large numbers
For the longest time, we have mitigated security issues related to large
numbers (BIGNUM) and constant time in a piece-meal fashion, without really
looking at the problem from a zoomed out, holistic perspective.
An interesting aspect in this problem is that large numbers can vary in
size, and that depending on their combined sizes, the time to perform
mathematical calculations with them vary equally much, and may thereby
unintentionally leak information on those numbers.
To mitigate that sort of timing issue, we introduce fixed size numbers,
which are designed to have payload sizes that are pre-determined, usually by
the crypto system that uses them. This means that even a very small number
(let's take 1 as a ridiculous example) would have the same size payload as a
much larger number, and calculations using them would perform across all
payload bits of all input numbers combined.
These fixed size numbers primarly differ from BIGNUMs in that once they have
been allocated to a certain size, that size will not change throughout its
lifetime.
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28522)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Reply all
Reply to author
Forward
0 new messages