diff --git a/elliptic-curve/src/arithmetic.rs b/elliptic-curve/src/arithmetic.rs
index 7a0025e41..8622d4bd0 100644
--- a/elliptic-curve/src/arithmetic.rs
+++ b/elliptic-curve/src/arithmetic.rs
@@ -3,7 +3,7 @@ use crate::{
     Curve, CurveGroup, Error, FieldBytes, Group, NonZeroScalar, PrimeCurve, ScalarValue,
     ctutils::{CtEq, CtSelect},
-    ops::{Invert, LinearCombination, Mul, Reduce},
+    ops::{Invert, LinearCombination, Mul, MulVartime, Reduce},
     point::{AffineCoordinates, NonIdentity},
     scalar::{FromUintUnchecked, IsHigh},
 };
@@ -88,9 +88,13 @@ pub trait CurveArithmetic: Curve {
         + Invert>
         + IsHigh
         + Mul
+        + MulVartime
         + for<'a> Mul<&'a Self::AffinePoint, Output = Self::ProjectivePoint>
+        + for<'a> MulVartime<&'a Self::AffinePoint>
         + Mul
+        + MulVartime
         + for<'a> Mul<&'a Self::ProjectivePoint, Output = Self::ProjectivePoint>
+        + for<'a> MulVartime<&'a Self::ProjectivePoint>
         + PartialOrd
         + Reduce
         + Reduce>
diff --git a/elliptic-curve/src/dev/mock_curve.rs b/elliptic-curve/src/dev/mock_curve.rs
index 0d546ae77..6c3108b9f 100644
--- a/elliptic-curve/src/dev/mock_curve.rs
+++ b/elliptic-curve/src/dev/mock_curve.rs
@@ -10,7 +10,10 @@ use crate::{
     bigint::{Limb, Odd, U256, modular::Retrieve},
     ctutils,
     error::{Error, Result},
-    ops::{Invert, LinearCombination, Reduce, ShrAssign},
+    ops::{
+        Add, AddAssign, Invert, LinearCombination, Mul, MulAssign, MulVartime, Neg, Reduce,
+        ShrAssign, Sub, SubAssign,
+    },
     point::{AffineCoordinates, NonIdentity},
     rand_core::{TryCryptoRng, TryRng},
     scalar::{FromUintUnchecked, IsHigh},
@@ -21,7 +24,6 @@ use crate::{
 use core::{
     array,
     iter::{Product, Sum},
-    ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign},
 };
 use ff::{Field, PrimeField};
 use hex_literal::hex;
@@ -296,6 +298,12 @@ impl Mul for Scalar {
     }
 }
 
+impl MulVartime for Scalar {
+    fn mul_vartime(self, _other: AffinePoint) -> ProjectivePoint {
+        unimplemented!();
+    }
+}
+
 impl Mul<&AffinePoint> for Scalar {
     type Output = ProjectivePoint;
 
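Review bot: The four new `+ MulVartime` / `+ for<'a> MulVartime<…>` bounds on `Self::Scalar` put a variable-time scalar×point multiplication on the same scalar type that, presumably, also carries private keys and nonces in downstream curve crates, and nothing at the type level prevents a caller from invoking `mul_vartime` on a secret. Since this bound list is where every `CurveArithmetic` implementor first meets the requirement, a `//` comment next to the bounds should state the contract, e.g. `// Variable-time scalar×point multiplication: timing may depend on both operands, so it is only for public inputs such as signature verification; implementations must agree bit-for-bit with Mul.` This is also a breaking change for every existing `CurveArithmetic` implementor, which now has to provide all four impls. The `type Scalar:` declaration these bounds belong to starts above the hunk.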
@@ -304,6 +312,12 @@ impl Mul<&AffinePoint> for Scalar {
     }
 }
 
+impl MulVartime<&AffinePoint> for Scalar {
+    fn mul_vartime(self, _other: &AffinePoint) -> ProjectivePoint {
+        unimplemented!();
+    }
+}
+
 impl Mul for Scalar {
     type Output = ProjectivePoint;
 
@@ -312,6 +326,12 @@ impl Mul for Scalar {
     }
 }
 
+impl MulVartime for Scalar {
+    fn mul_vartime(self, _other: ProjectivePoint) -> ProjectivePoint {
+        unimplemented!();
+    }
+}
+
 impl Mul<&ProjectivePoint> for Scalar {
     type Output = ProjectivePoint;
 
@@ -320,6 +340,12 @@ impl Mul<&ProjectivePoint> for Scalar {
     }
 }
 
+impl MulVartime<&ProjectivePoint> for Scalar {
+    fn mul_vartime(self, _other: &ProjectivePoint) -> ProjectivePoint {
+        unimplemented!();
+    }
+}
+
 impl MulAssign for Scalar {
     fn mul_assign(&mut self, _rhs: Scalar) {
         unimplemented!();
diff --git a/elliptic-curve/src/ops.rs b/elliptic-curve/src/ops.rs
index 84dddd60d..c8c344b10 100644
--- a/elliptic-curve/src/ops.rs
+++ b/elliptic-curve/src/ops.rs
@@ -183,6 +183,21 @@ where
     }
 }
 
+/// Variable-time equivalent of the [`Mul`] trait.
+///
+/// Should always compute the same results as [`Mul`], but may provide a faster implementation.
+///
+///
+/// Security Warning
+///
+/// Variable-time operations should only be used on non-secret values, and may potentially leak
+/// secret values!
+///
+pub trait MulVartime: Mul {
+    /// Multiply `self` by `rhs` in variable-time.
+    fn mul_vartime(self, rhs: Rhs) -> >::Output;
+}
+
 /// Modular reduction to a non-zero output.
 ///
 /// This trait is primarily intended for use by curve implementations such
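Review bot: The warning on `MulVartime` says variable-time operations "may potentially leak secret values" but does not say which operands, and for a scalar×point product an implementation is free to branch on both `self` and `rhs` (e.g. a windowed scalar recoding plus non-constant-time point addition), so the doc should state that both must be public and name the intended use: `/// Timing may depend on both self (the scalar) and rhs (the point). Use only where both are public, e.g. signature verification; never pass private keys, nonces, or ECDH scalars.` The sentence "Should always compute the same results as [`Mul`]" is the only correctness contract, and a divergence between the two paths would be silent, so it is worth adding to the trait doc that implementations are expected to be checked for equality against `Mul` on random inputs. The `mul_vartime` method doc could likewise carry a one-line `/// Not constant-time: see the trait-level security warning.` so the caveat is visible at the call site in rustdoc.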