exp to var-time

Al-Kindi-0 · Nov 2, 2022 · eea409c · eea409c
1 parent 7cbf0bb
commit eea409c
Showing 1 changed file with 14 additions and 9 deletions.
diff --git a/math/src/field/f64/mod.rs b/math/src/field/f64/mod.rs
@@ -101,15 +101,20 @@ impl FieldElement for BaseElement {
 
     #[inline]
     fn exp(self, power: Self::PositiveInteger) -> Self {
-        let mut b: Self;
-        let mut r = Self::ONE;
-        for i in (0..64).rev() {
-            r = r.square();
-            b = r;
-            b *= self;
-            // Constant-time branching
-            let mask = -(((power >> i) & 1 == 1) as i64) as u64;
-            r.0 ^= mask & (r.0 ^ b.0);
+        let mut b = self;
+
+        if power == 0 {
+            return Self::ONE;
+        } else if b == Self::ZERO {
+            return Self::ZERO;
+        }
+
+        let mut r = if power & 1 == 1 { b } else { Self::ONE };
+        for i in 1..64 - power.leading_zeros() {
+            b = b.square();
+            if (power >> i) & 1 == 1 {
+                r *= b;
+            }
         }
 
         r