Scatter-gather leaks information via 4k aliasing, so how much worse can it get? However scan-and-mask used to be very expensive for RSA. I think it would have an acceptable performance cost nowadays. In fact I have some ideas in that regard.
Note that I'm worried that we'll need to redo the way modular exponentiation for RSA signing is done in *ring*. I'm looking forward to the TLBleed presentation but even if TLBleed doesn't indicate a problem, I still question the scatter-gather approach to table lookups.
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.