The radix 2^51 trick

Thu, 01 Jun 2017 00:00:00 -0400

Faster addition and subtraction on modern CPUs

Do you remember how to do long addition on paper?

 ¹¹ ¹
  6876
+ 3406
------
 10282

Starting from the “ones” position, we add 6 + 6 = 12, write down a 2 and carry a 1. We proceed to the left, one position at a time, until there are no more digits to add.

When implementing addition for large integers (e.g. 2⁶⁴ and above), it’s common to write code that looks quite similar to this algorithm. Interestingly, there’s a straightforward trick that can speed up this process enormously on modern CPUs…

A beginner's guide to constant-time cryptography

Fri, 21 Apr 2017 00:00:00 -0400

For programmers new to cryptography, there are plenty of “known unknowns” – unfamiliar terms like “elliptic curves” and “random oracles”, and unnecessarily long acronyms (“RSASSA-PKCS-v1_5”, like really?). But what really gives cryptography its reputation is the unknown unknowns. The things that catch even experienced developers by surprise.

Quick, where’s the vulnerability in this code? (I used JavaScript here, but the same vulnerability would occur in Python, Ruby, and most other languages.)

// Throw an error if inputKey is not correct.
// inputKey and correctKey are both strings
function checkApiKey(inputKey, correctKey) {
	if (inputKey !== correctKey) {
		throw new Error("wrong key");
	}
}

If you spotted it, nice work. I’m guessing you have at least a passing interest in cryptography.

If you didn’t, here’s how the exploit works…

Chosen Plaintext

The radix 2^51 trick

A beginner's guide to constant-time cryptography