Post-Apocalyptic Crypto
TIMECOP
/ crypto_scalarmult

Primitives for crypto_scalarmult

This page lists all primitives grouped under operation crypto_scalarmult.

For each primitive, all listed implementations were checked across a number of compilers, compiler options, and hosts.

The progress bar shows the relative number of successes, fails, and errors:

  • Success. The constant-time checker didn't find any cases where the execution time of the tested code depends on secret data.
  • Fail. The execution time of the tested code depends on secret data.
  • Error.

Errors can have multiple causes:
  • The constant-time checker encountered an error and couldn't be completed.
  • Valgrind found memory issues, but none of them are related to constant-time checks.
  • The constant-time checker timed out after 6 minutes.
  • The tested code produced invalid results. More details can be found near the start of the output file. Example: 
    crypto_aead_decrypt returns nonzero

The absolute number of successes, fails, and errors is shown to the left of the progress bar.

The following code was used to flag secret data, and test implementations:

1void timecop_doit(void)
2{
3 return doit();
4}

Click an implementation to see all checked compiler options.

curve25519
Description
Curve25519 scalar multiplication
Designers
Daniel J. Bernstein
Implementations:
donna_c64 9 / 0 / 0
chevron_right ref 9 / 0 / 0
chevron_right ref10 9 / 0 / 0
chevron_right
kummer
Implementations:
ref5 9 / 0 / 0
chevron_right ref5u 9 / 0 / 0
chevron_right
nistp256
Description
NIST P-256 scalar multiplication
Implementations:
mj32 0 / 0 / 9
chevron_right