clock_curve_math/extensible/
exponentiation.rs

1//! Exponentiation algorithms for modular exponentiation.
2//!
3//! This module provides various exponentiation algorithms optimized for
4//! different use cases and security requirements.
5
6/// Exponentiation algorithms for modular exponentiation.
7///
8/// This enum defines different algorithms for computing base^exponent mod modulus.
9/// Each algorithm offers different trade-offs between performance, memory usage,
10/// and resistance to timing attacks. Choose based on your security requirements
11/// and performance constraints.
12///
13/// # Performance Characteristics
14/// - **Binary**: Simple, good for small exponents, variable-time
15/// - **SlidingWindow**: Good balance, configurable window size
16/// - **MontgomeryLadder**: Constant-time, prevents timing attacks
17/// - **FixedWindow**: Precomputed tables, fastest for repeated operations
18///
19/// # Security Considerations
20/// - Use `MontgomeryLadder` for cryptographic applications requiring
21///   constant-time execution to prevent timing-based side-channel attacks
22/// - `Binary` and `SlidingWindow` may leak exponent bits through timing
23#[derive(Clone, Copy, Debug, PartialEq, Eq)]
24pub enum ExponentiationAlgorithm {
25    /// Binary exponentiation using the square-and-multiply algorithm.
26    ///
27    /// This is the simplest exponentiation method that processes each bit
28    /// of the exponent individually. For each exponent bit:
29    /// - If bit is 1: square the result and multiply by base
30    /// - If bit is 0: just square the result
31    ///
32    /// **Performance**: O(log exponent) operations
33    /// **Memory**: O(1) additional space
34    /// **Security**: Variable-time, may leak exponent through timing
35    /// **Best for**: Small exponents, non-cryptographic use
36    Binary,
37
38    /// Sliding window exponentiation with configurable window size.
39    ///
40    /// Uses a sliding window approach to reduce the number of multiplications
41    /// by precomputing powers of the base. The window size parameter controls
42    /// the trade-off between precomputation time and multiplication count.
43    ///
44    /// **Performance**: Better than binary for large exponents
45    /// **Memory**: O(2^window_size) precomputed values
46    /// **Security**: Variable-time, timing depends on exponent bits
47    /// **Best for**: General-purpose exponentiation with known window size
48    SlidingWindow(u32),
49
50    /// Montgomery ladder exponentiation (constant-time).
51    ///
52    /// A constant-time algorithm that always performs the same sequence
53    /// of operations regardless of the exponent bits. This prevents
54    /// timing-based side-channel attacks by ensuring both possible
55    /// code paths (multiply or square) are always executed.
56    ///
57    /// **Performance**: ~2x slower than binary exponentiation
58    /// **Memory**: O(1) additional space
59    /// **Security**: Constant-time, resistant to timing attacks
60    /// **Best for**: Cryptographic applications, secure exponentiation
61    MontgomeryLadder,
62
63    /// Fixed window exponentiation with precomputed power table.
64    ///
65    /// Precomputes all possible base^(odd values in window) and uses
66    /// a fixed window size for exponent processing. Most efficient for
67    /// repeated exponentiations with the same base or when precomputation
68    /// cost can be amortized.
69    ///
70    /// **Performance**: Fastest for repeated operations
71    /// **Memory**: O(2^window_size) precomputed values
72    /// **Security**: Variable-time, may leak exponent patterns
73    /// **Best for**: Batch exponentiation, same base used repeatedly
74    FixedWindow(u32),
75}