Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Blinding uses slow algorithm #162

tomato42 opened this issue Oct 18, 2020 · 0 comments

Blinding uses slow algorithm #162

tomato42 opened this issue Oct 18, 2020 · 0 comments


Copy link

@tomato42 tomato42 commented Oct 18, 2020

The private key operations generate a new blinding factor for every new signature:


Lines 440 to 453 in 4beb68d

def blinded_encrypt(self, message: int) -> int:
"""Encrypts the message using blinding to prevent side-channel attacks.
:param message: the message to encrypt
:type message: int
:returns: the encrypted message
:rtype: int
blind_r = self._get_blinding_factor()
blinded = self.blind(message, blind_r) # blind before encrypting
encrypted = rsa.core.encrypt_int(blinded, self.d, self.n)
return self.unblind(encrypted, blind_r)

Given that blinding requires calculating inverse modulo of of the blinding factor, it is a slow operation (rule of thumb is that inverse is as costly as calculating 100 modulo multiplications).

The existing literature[1] (section 9) suggests generating a blinding factor, its inverse, and then squaring both of them for next operation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant