Paper 2021/1121

Constant-Time Arithmetic for Safer Cryptography

Lúcás Críostóir Meier, Simone Colombo, Marin Thiercelin, and Bryan Ford


The humble integers, $\mathbb{Z}$, are the backbone of many cryptosystems. When bridging the gap from theoretical systems to real-world implementations, programmers often look towards general purpose libraries to implement the arbitrary-precision arithmetic required. Alas, these libraries are often conceived without cryptography in mind, leaving applications potentially vulnerable to timing attacks. To address this, we present saferith, a library providing safer arbitrary-precision arithmetic for cryptography, through constant-time operations. The main challenge was in designing an API to provide this functionality alongside these stronger constant-time guarantees. We benchmarked the performance of our library against Go's big.Int library, and found an acceptable slowdown of only 2.56x for modular exponentiation, the most expensive operation. Our library was also used to implement a variety cryptosystems and applications, in collaboration with industrial partners ProtonMail and Taurus. Porting implementations to use our library is relatively easy: it took the first author under 8 hours to port Go's implementation of P-384.

Available format(s)
Publication info
constant-timeelliptic curve cryptosystemDSAimplementationtiming attackRSA
Contact author(s)
lucascriostoir meier @ epfl ch
2021-09-03: received
Short URL
Creative Commons Attribution


      author = {Lúcás Críostóir Meier and Simone Colombo and Marin Thiercelin and Bryan Ford},
      title = {Constant-Time Arithmetic for Safer Cryptography},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1121},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.