Big integer arithmetic for RSA (up to ~4096-bit numbers).
Represents large integers as little-endian Vec<u64> limbs.
Provides addition, subtraction, multiplication, division, modular
exponentiation (Montgomery ladder), extended GCD, and Miller-Rabin
primality. BigInt is the underlying storage for every component
of super::rsa::RsaPublicKey and super::rsa::RsaSecretKey
and the workhorse of every operation in super::pkcs1,
super::oaep and super::pss.
Side-channel posture
Roadmap item T1-E (see arcana/doc/sca/countermeasures/rsa.rst): the operations below need a
constant-time (CT) audit before the evaluation pass, using the same core::hint::black_box
shielding pattern as super::super::ecc::field (commit 76191c1).
| Operation | Risk | Action |
|---|---|---|
| cmp / cmp_le | Variable-iteration limb-by-limb compare leaks bits | Rewrite to borrow-only branchless pattern |
| montgomery_mul | Conditional final subtract leaks (Walter 2002) | Apply black_box mask shielding |
| pow_mod | Square-and-multiply must be square-always | Validate Fermat ladder structure + black_box |
| mod_inv (extended GCD) | Variable-time GCD historically Minerva target | Prefer Fermat (a^(p-2) mod p) for prime moduli |
| sub / add | Borrow / carry propagation | Confirm fixed iteration count |
Once T1-E lands, the layers above (RSA-CRT decrypt, PKCS#1,
OAEP, PSS) inherit a CT bigint base; combined with T1-C
Aumüller and T2-I message blinding, it gives the full
evaluation-grade RSA stack.
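The borrow-only compare and the masked Montgomery final subtraction that the first two table rows call for, as an added illustration rather than code from this crate: both functions touch every limb exactly once and select the result with a mask instead of a data-dependent branch. The names `ct_lt` and `ct_final_reduce`, and the explicit `t_carry` argument for the overflow bit of a Montgomery product, are assumptions of this example.

```rust
use core::hint::black_box;

/// Constant-time `a < b` over little-endian u64 limbs of equal length.
/// Returns 1 if a < b, else 0. Only the borrow out of the last limb
/// decides the answer, so the loop never exits early on a differing limb.
pub fn ct_lt(a: &[u64], b: &[u64]) -> u64 {
    debug_assert_eq!(a.len(), b.len());
    let mut borrow = 0u64;
    for i in 0..a.len() {
        let (d1, b1) = a[i].overflowing_sub(b[i]);
        let (_, b2) = d1.overflowing_sub(borrow);
        borrow = (b1 | b2) as u64;
    }
    // black_box discourages the optimizer from lowering the flag to a branch
    black_box(borrow)
}

/// Montgomery final step: return t - n if t >= n, else t, with no branch.
/// `t_carry` is the bit of t above the top limb (the product may reach 2n,
/// which can exceed one limb's worth of headroom); `t` and `n` share a length.
pub fn ct_final_reduce(t: &[u64], t_carry: u64, n: &[u64]) -> Vec<u64> {
    debug_assert_eq!(t.len(), n.len());
    let mut diff = vec![0u64; t.len()];
    let mut borrow = 0u64;
    for i in 0..t.len() {
        let (d1, b1) = t[i].overflowing_sub(n[i]);
        let (d2, b2) = d1.overflowing_sub(borrow);
        diff[i] = d2;
        borrow = (b1 | b2) as u64;
    }
    // t >= n iff the carry bit is set or the subtraction did not borrow.
    let keep_diff = t_carry | (borrow ^ 1);
    // 1 -> all-ones mask (take diff), 0 -> zero mask (keep t)
    let mask = black_box(0u64.wrapping_sub(keep_diff));
    t.iter()
        .zip(&diff)
        .map(|(&x, &d)| (x & !mask) | (d & mask))
        .collect()
}
```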
Structs
- BigInt - A big unsigned integer stored as little-endian 64-bit limbs.
- MontParams - Parameters for Montgomery modular arithmetic.