From 624259deea0c52c54626ac3821c2c47d3e74c599 Mon Sep 17 00:00:00 2001
From: MITSUNARI Shigeo
Date: Tue, 28 Mar 2017 05:46:15 +0900
Subject: [PATCH] constTime version of GLV for G1

---
 include/mcl/bn.hpp | 28 +++++++++++++++++++---------
 include/mcl/ec.hpp |  2 +-
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/include/mcl/bn.hpp b/include/mcl/bn.hpp
index aba9be4..25305b4 100644
--- a/include/mcl/bn.hpp
+++ b/include/mcl/bn.hpp
@@ -255,7 +255,7 @@ struct GLV {
 		a += b;
 		b = t - b;
 	}
-	void mul(G1& Q, G1 P, mpz_class x) const
+	void mul(G1& Q, G1 P, mpz_class x, bool constTime = false) const
 	{
 		x %= r;
 		if (x == 0) {
@@ -324,14 +324,25 @@ struct GLV {
 		tbl[2] = P; tbl[2].normalize();
 		tbl[3] = A + P; tbl[3].normalize();
 		Q.clear();
-		for (int i = (int)n - 1; i >= 0; i--) {
-			G1::dbl(Q, Q);
-			bool ai = mcl::gmp::testBit(a, i);
-			bool bi = mcl::gmp::testBit(b, i);
-			unsigned int c = bi * 2 + ai;
-			if (c > 0) {
+		if (constTime) {
+			tbl[0] = tbl[1];
+			for (int i = (int)n - 1; i >= 0; i--) {
+				G1::dbl(Q, Q);
+				bool ai = mcl::gmp::testBit(a, i);
+				bool bi = mcl::gmp::testBit(b, i);
+				unsigned int c = bi * 2 + ai;
 				Q += tbl[c];
 			}
+		} else {
+			for (int i = (int)n - 1; i >= 0; i--) {
+				G1::dbl(Q, Q);
+				bool ai = mcl::gmp::testBit(a, i);
+				bool bi = mcl::gmp::testBit(b, i);
+				unsigned int c = bi * 2 + ai;
+				if (c > 0) {
+					Q += tbl[c];
+				}
+			}
 		}
 #endif
 #else
@@ -476,11 +487,10 @@ struct BNT {
 	static Param param;
 	static void mulArrayGLV(G1& z, const G1& x, const mcl::fp::Unit *y, size_t yn, bool isNegative, bool constTime)
 	{
-		(void)constTime;
 		mpz_class s;
 		mcl::gmp::setArray(s, y, yn);
 		if (isNegative) s = -s;
-		param.glv.mul(z, x, s);
+		param.glv.mul(z, x, s, constTime);
 	}
 	static void init(const mcl::bn::CurveParam& cp = CurveFp254BNb, fp::Mode mode = fp::FP_AUTO)
 	{
diff --git a/include/mcl/ec.hpp b/include/mcl/ec.hpp
index f1c2e90..40bbe61 100644
--- a/include/mcl/ec.hpp
+++ b/include/mcl/ec.hpp
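Review bot: In the constTime branch `tbl[0] = tbl[1]` turns the c == 0 step into `Q += tbl[1]`, which adds a real, non-identity table point to the accumulator at every bit position where both a_i and b_i are zero, so unless something outside this hunk compensates, the constTime result differs from the non-constTime one. A dummy addition only works if its result is discarded: compute into a scratch point, `G1::add(T, Q, tbl[c]);`, and then copy T into Q with a branch-free conditional move keyed on `c != 0` (I see no such helper in this diff; a data-dependent `if` there would reintroduce the leak). Even then the loop is uniform only at the operation level: `mcl::gmp::testBit` is a GMP call, and if `G1::dbl` or `operator+=` special-case the identity or equal points, the early iterations where Q is still zero take a different path. I would add a comment on the branch stating what "constTime" guarantees here (a fixed double/add sequence, not a constant-time point-arithmetic contract). `mul` starts and ends outside this hunk.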
@@ -770,7 +770,7 @@ public:
 	bool operator<=(const EcT& rhs) const { return !operator>(rhs); }
 	static inline void mulArray(EcT& z, const EcT& x, const fp::Unit *y, size_t yn, bool isNegative, bool constTime = false)
 	{
-		if (!constTime && mulArrayGLV && yn * 2 > Fp::BaseFp::getOp().N) {
+		if (mulArrayGLV && yn * 2 > Fp::BaseFp::getOp().N) {
 			mulArrayGLV(z, x, y, yn, isNegative, constTime);
 			return;
 		}
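Review bot: With `!constTime &&` dropped, a constTime request is now dispatched on `yn * 2 > Fp::BaseFp::getOp().N`; if yn reflects the significant limb count of a secret scalar (where yn is computed is outside this hunk), the algorithm chosen, and hence the timing profile, reveals the scalar's rough magnitude. For constTime callers the dispatch should not depend on yn, e.g. `if (mulArrayGLV && (constTime || yn * 2 > Fp::BaseFp::getOp().N)) {`, provided the GLV path accepts a short or zero-padded scalar as it appears to via `setArray`. Note also that in this patch the GLV `mul` honours constTime inside only one preprocessor branch of bn.hpp; the other `#if` branches are not shown, so a build taking them would silently run a non-constant-time GLV for a constTime request, which deserves at least a comment here. The rest of `mulArray` is outside the hunk.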