How to trigger the fixed_window_exponentiator in mod_exp? #754
Comments
Yes, the fixed window exponentiation algorithm should be correct for all moduli; Montgomery representation is just an optimization.
@randombit Thank you. I got it.
Hi @randombit, I comment out the branch, compile, and re-run the example code
This is how I tweak the source code:
Thanks, bug for certain - I will take a look at this soon.
@randombit Thank you!
GH #754 exposed a bug in the non-Montgomery exponentiation case. It turned out that when the fixed window was picked to any value > 1, the result would be incorrect due to an off by one. This is the one line fix in powm_fw.cpp. Also fix a bug in bigint_mul which caused incorrect results, because the output BigInt was not being zeroed out before use. This is only exposed in rare cases, found (somewhat indirectly) in OSS-Fuzz #287. Add more modular exponentiation tests, which would have caught these issues earlier.
If window size > 1, the result was incorrect :( GH #754
@computereasy I believe the bug you encountered is fixed in 1.10 branch with 1a0f41b
Closing as fixed
Hello,
I am playing with the rsa decryption routine of botan (version 1.10.13), and it seems that I can only trigger the Montgomery_Exponentiator implementation of the modular exponentiation.
I find the following routines in the source code, and figure out that I can change the n (it is derived from the key, right?) to trigger the fixed_window_exponentiator. However, after trying to re-generate the secret key several times, I still cannot trigger the fixed window implementation.
So here is my question:
Is it legit if I hack the code, ruling out the if condition above and force the execution flow to hit the Fixed_Window_Exponentiator implementation? This is only for some academic study, not real usage so no worries about the potential safety issue. I just want to execute the fixed_window routine.
If not, how should I trigger this fixed window implementation?
I would really appreciate any advice and suggestion, thank you in advance!
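The kind of cross-check the commit message above asks for, as an added example that is not Botan's code: a fixed-window exponentiator on 64-bit integers without Montgomery form, compared against plain square-and-multiply for every window size from 1 to 8, with even moduli included (Montgomery reduction needs an odd modulus, and an RSA modulus is always odd). All function names and test values are constructed for this illustration, and moduli are assumed to be nonzero and below 2^32.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// (a * b) mod m; moduli are kept below 2^32 so the product fits in 64 bits.
static uint64_t mul_mod(uint64_t a, uint64_t b, uint64_t m) { return (a % m) * (b % m) % m; }

// Reference: plain square-and-multiply, one exponent bit per step.
uint64_t powm_binary(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t r = 1 % mod;
    for (int i = 63; i >= 0; --i) {
        r = mul_mod(r, r, mod);
        if ((exp >> i) & 1) r = mul_mod(r, base, mod);
    }
    return r;
}

// Fixed-window exponentiation without Montgomery form (even or odd modulus).
uint64_t powm_fixed_window(uint64_t base, uint64_t exp, uint64_t mod, unsigned w) {
    // table[i] = base^i mod m for i = 0 .. 2^w - 1 (2^w entries in total).
    std::vector<uint64_t> table(size_t(1) << w);
    table[0] = 1 % mod;
    for (size_t i = 1; i < table.size(); ++i)
        table[i] = mul_mod(table[i - 1], base, mod);

    uint64_t r = 1 % mod;
    for (unsigned j = (64 + w - 1) / w; j-- > 0;) {              // windows, top first
        for (unsigned k = 0; k < w; ++k) r = mul_mod(r, r, mod);  // r = r^(2^w)
        uint64_t digit = (exp >> (j * w)) & ((uint64_t(1) << w) - 1);
        r = mul_mod(r, table[digit], mod);
    }
    return r;
}

// Cross-check window sizes 1..8 against the reference on constructed inputs.
unsigned count_mismatches() {
    const uint64_t mods[] = {1, 2, 15, 1000, 65536, 4294967291ULL, 4294967294ULL};
    const uint64_t exps[] = {0, 1, 2, 255, 256, 65537, 0xFFFFFFFFFFFFFFFFULL};
    const uint64_t bases[] = {0, 1, 2, 3, 123456789, 4294967290ULL};
    unsigned bad = 0;
    for (uint64_t m : mods) for (uint64_t e : exps) for (uint64_t b : bases)
        for (unsigned w = 1; w <= 8; ++w)
            if (powm_fixed_window(b, e, m, w) != powm_binary(b, e, m)) ++bad;
    return bad;
}

int main() {
    std::printf("mismatches: %u\n", count_mismatches());
}
```

Testing only one window size, or only odd moduli, leaves the failure described in this issue invisible; the loop over `w` and the even entries in `mods` are what cover it.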