Data

Tools

Indexes

Applications

Experiments

Open Source Science

saferith

Constant time big numbers for Go

https://github.com/cronokirby/saferith

Science Score: 44.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Committers with academic emails
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (7.4%) to scientific vocabulary
Last synced: 10 months ago · JSON representation ·

Repository

Constant time big numbers for Go

Basic Info
  • Host: GitHub
  • Owner: cronokirby
  • License: mit
  • Language: Go
  • Default Branch: main
  • Size: 225 KB
Statistics
  • Stars: 103
  • Watchers: 0
  • Forks: 14
  • Open Issues: 3
  • Releases: 0
Created over 5 years ago · Last pushed over 1 year ago
Metadata Files
Readme License Citation

README.md

saferith

The purpose of this package is to provide a version of arbitrary sized arithmetic, in a safer (i.e. constant-time) way, for cryptography.

This is experimental software, use at your own peril.

Assembly

This code reuses some assembly routines from Go's standard library, inside of the arith*.go. These have been adjusted to remove some non-constant-time codepaths, most of which aren't used anyways.

Integrating with Go

Initially, this code was structured to be relatively straightforwardly patched into Go's standard library. The idea would be to use the arith*.go files already in Go's math/big package, and just add a num.go file.

Unfortunately, this approach doesn't seem to be possible, because of addVWlarge and subVWlarge, which are two non-constant time routines. These are jumped to inside of the assembly code in Go's math/big routines, so using them would require intrusive modification, which rules out this code living alongside math/big, and sharing its routines.

Merging things upstream

The easiest path towards merging this work upstream, in all likelihood, is having this package live in crypto, and duplicating some of the assembly code as necessary.

The rationale here is that math/big's needs will inevitably lead to situations like this, where a routine is tempted to bail towards a non-constant time variant for large or special inputs. Ultimately, having this code live in crypto is much more likely to allow us to ensure its integrity. It would also allow us to add assembly specifically tailored for our operations, such as conditional addition, and things like that.

Benchmarks

Run with assembly routines:

go test -bench=.

Run with pure Go code:

go test -bench=. -tags math_big_pure_go

Licensing

The files arith*.go come from Go's standard library, and are licensed under a BSD license in LICENSE_go. The rest of the code is under an MIT license.

Owner

  • Name: Lúcás Meier
  • Login: cronokirby
  • Kind: user
  • Location: Seattle

"apprentice cryptographer"

Citation (CITATION.cff) 

cff-version: 1.2.0
message: "If you use this software, please cite it as below."
authors:
  - family-names: Meier
    given-names: "Lúcás Críostóir"
title: "saferith"
version: 0.28.0
date-released: 2021-04-16
url: "https://github.com/cronokirby/saferith"

GitHub Events

Total
  • Issues event: 2
  • Watch event: 6
  • Issue comment event: 5
  • Push event: 2
  • Pull request review event: 1
  • Pull request event: 5
  • Fork event: 4
Last Year
  • Issues event: 2
  • Watch event: 6
  • Issue comment event: 5
  • Push event: 2
  • Pull request review event: 1
  • Pull request event: 5
  • Fork event: 4

Committers

Last synced: about 1 year ago

All Time
  • Total Commits: 326
  • Total Committers: 6
  • Avg Commits per committer: 54.333
  • Development Distribution Score (DDS): 0.043
Past Year
  • Commits: 3
  • Committers: 3
  • Avg Commits per committer: 1.0
  • Development Distribution Score (DDS): 0.667
Top Committers
Name Email Commits
Lúcás Meier c****y@g****m 312
marin thiercelin m****n@p****m 6
Adrian Hamelink a****k@g****m 5
Robert-André Mauchin z****m@g****m 1
Mike Crute m****e@c****s 1
Guoqi Chen c****i@l****n 1
Committer Domains (Top 20 + Academic)
loongson.cn: 1 crute.us: 1

Issues and Pull Requests

Last synced: 10 months ago

All Time
  • Total issues: 25
  • Total pull requests: 35
  • Average time to close issues: 19 days
  • Average time to close pull requests: 3 months
  • Total issue authors: 6
  • Total pull request authors: 8
  • Average comments per issue: 0.24
  • Average comments per pull request: 0.34
  • Merged pull requests: 32
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 1
  • Pull requests: 4
  • Average time to close issues: N/A
  • Average time to close pull requests: about 2 months
  • Issue authors: 1
  • Pull request authors: 2
  • Average comments per issue: 0.0
  • Average comments per pull request: 0.0
  • Merged pull requests: 2
  • Bot issues: 0
  • Bot pull requests: 0
View more stats
Top Authors
Issue Authors
  • cronokirby (20)
  • ojacomarket (1)
  • adr1anh (1)
  • joshLong145 (1)
  • olof-nord (1)
  • Maytha8 (1)
Pull Request Authors
  • cronokirby (21)
  • adr1anh (3)
  • eclipseo (2)
  • abner-chenc (2)
  • mcrute (2)
  • Maytha8 (2)
  • marinthiercelin (2)
  • ericcornelissen (1)
Top Labels
Issue Labels
enhancement (15) documentation (1)
Pull Request Labels

Packages

  • Total packages: 1
  • Total downloads: unknown
  • Total docker downloads: 5,999,846
  • Total dependent packages: 53
  • Total dependent repositories: 13
  • Total versions: 33
proxy.golang.org: github.com/cronokirby/saferith
  • Versions: 33
  • Dependent Packages: 53
  • Dependent Repositories: 13
  • Docker Downloads: 5,999,846
Rankings
Dependent packages count: 0.8%
Docker downloads count: 1.2%
Dependent repos count: 1.5%
Average: 3.3%
Stargazers count: 4.7%
Forks count: 8.2%
Last synced: 10 months ago

Dependencies

go.mod go