www.digitalmars.com         C & C++   DMDScript  

digitalmars.D - Update on big integers

reply Arcane Jill <Arcane_member pathlink.com> writes:
The version of Deimos on dsource can now avoid using garbage collected memory
for senstive data in big integers (Ints). Thanks to Walter's new default values,
you only have to add an extra constructor parameter: Int.Sensitivity.PRIVATE.
Like this:

    Int publicKey = new Int(4);                          // not secret
    Int secretKey = new Int(43,Int.Sensitivity.PRIVATE); // secret

Secret data will always be wiped after use, and will never be handed to the garbage collector (since in future, the GC might copy things around, without wiping the original). Sensitivity propogates through calculations. For example, if you do (a+b) and either a or b are sensitive, the sum is will also be sensitive. Sensitive Ints are going to be slower than normal ones, but that's okay because they are only used in specialized fields (e.g. crypto). Also, now that we have the package attribute, I've reorganized everything into one package. This means you now have to import etc.bigint.bigint instead of just etc.bigint. Arcane Jill
Jun 10 2004
parent reply David L. Davis <SpottedTiger yahoo.com> writes:
In article <caajsa$1tbp$1 digitaldaemon.com>, Arcane Jill says...
The version of Deimos on dsource can now avoid using garbage collected memory
for senstive data in big integers (Ints). Thanks to Walter's new default values,
you only have to add an extra constructor parameter: Int.Sensitivity.PRIVATE.
Like this:

    Int publicKey = new Int(4);                          // not secret
    Int secretKey = new Int(43,Int.Sensitivity.PRIVATE); // secret

Secret data will always be wiped after use, and will never be handed to the garbage collector (since in future, the GC might copy things around, without wiping the original). Sensitivity propogates through calculations. For example, if you do (a+b) and either a or b are sensitive, the sum is will also be sensitive. Sensitive Ints are going to be slower than normal ones, but that's okay because they are only used in specialized fields (e.g. crypto). Also, now that we have the package attribute, I've reorganized everything into one package. This means you now have to import etc.bigint.bigint instead of just etc.bigint. Arcane Jill

Jill: By "Update on big integers", do you mean there's a Deimos.lib or a zipfile at http://www.dsource.org/ in maybe the "Projects->Deimos->Downland" area, if so, I don't see one. Could you please turn me around, and please point me into the right direction for downloading your newest version of the BigInt Package. :) Also I seem to remember that you had a very nice web-page about BigInt, could you point me to that one as well. Thxs!! ( <note to self>...Save the links to these spots this time.</note to self> :P ) P.S. I'm looking froward to seeing what you and Hauke come up with to solve "D's" lack of a real unicode string/character library. BTW, will this code go into Deimos also? ------------------------------------------------------------------- "Dare to reach for the Stars...Dare to Dream, Build, and Achieve!"
Jun 10 2004
next sibling parent reply hellcatv hotmail.com writes:
I don't like wasting an int on whether or not my bigint is secret
it's also not a good idea to have that info stored in a class (which may be
casted to something else and have the privacy taken out of it)

and also it breaks the linux build cus it uses the default arguments :-/

I think this should be done with a template argument to the Int class :-)

that way you also can tell from the type if it's secure or not! :-)

feel free to disagree...course the default arg can be gotten around with another
arg

In article <cab334$2j2h$1 digitaldaemon.com>, David L. Davis says...
In article <caajsa$1tbp$1 digitaldaemon.com>, Arcane Jill says...
The version of Deimos on dsource can now avoid using garbage collected memory
for senstive data in big integers (Ints). Thanks to Walter's new default values,
you only have to add an extra constructor parameter: Int.Sensitivity.PRIVATE.
Like this:

    Int publicKey = new Int(4);                          // not secret
    Int secretKey = new Int(43,Int.Sensitivity.PRIVATE); // secret

Secret data will always be wiped after use, and will never be handed to the garbage collector (since in future, the GC might copy things around, without wiping the original). Sensitivity propogates through calculations. For example, if you do (a+b) and either a or b are sensitive, the sum is will also be sensitive. Sensitive Ints are going to be slower than normal ones, but that's okay because they are only used in specialized fields (e.g. crypto). Also, now that we have the package attribute, I've reorganized everything into one package. This means you now have to import etc.bigint.bigint instead of just etc.bigint. Arcane Jill

Jill: By "Update on big integers", do you mean there's a Deimos.lib or a zipfile at http://www.dsource.org/ in maybe the "Projects->Deimos->Downland" area, if so, I don't see one. Could you please turn me around, and please point me into the right direction for downloading your newest version of the BigInt Package. :) Also I seem to remember that you had a very nice web-page about BigInt, could you point me to that one as well. Thxs!! ( <note to self>...Save the links to these spots this time.</note to self> :P ) P.S. I'm looking froward to seeing what you and Hauke come up with to solve "D's" lack of a real unicode string/character library. BTW, will this code go into Deimos also? ------------------------------------------------------------------- "Dare to reach for the Stars...Dare to Dream, Build, and Achieve!"

Jun 10 2004
parent reply Arcane Jill <Arcane_member pathlink.com> writes:
In article <cab6qa$2o86$1 digitaldaemon.com>, hellcatv hotmail.com says...
I don't like wasting an int on whether or not my bigint is secret

You could be right. I didn't really see a problem with that myself at the time, but I guess I was in a bit of a hurry.
it's also not a good idea to have that info stored in a class (which may be
casted to something else and have the privacy taken out of it)

I think that's not the case. This was intended to be protection from the garbage collector and the operating system, not from hackers. Anyone who can dereference the reference can access the data anyway. If your machine has been compromised, you have no security, period.
and also it breaks the linux build cus it uses the default arguments :-/

I didn't know that Linux didn't have default arguments. I could make a version(linux), I suppose, but I would have thought that giving default arguments to Linux would be on Walter's agenda.
I think this should be done with a template argument to the Int class :-)
that way you also can tell from the type if it's secure or not! :-)

I will certainly bear that in mind for the future. I'd probably do it without templates though (as in, just make two classes, Int and SensitiveInt, with SensitiveInt a subclass of Int).
feel free to disagree...course the default arg can be gotten around with another
arg

Phew! I don't actually disagree. I just think I've been rushing things a bit recently, thinking manically about all these garbage collector issues, and hobbled together something that worked. What I really need to do now is take a break, leave it for a bit, and mull over the options. That usually makes things a lot clearer, and I can recode it when I get round to it, which, realistically, probably won't be for another couple of weeks. Arcane Jill
Jun 11 2004
parent Daniel Horn <hellcatv hotmail.com> writes:
subclass seems fine...just don't make too many things virtual :-)
personally I'm a huge template fan because that alters the type and 
brings with it all the type safety (what if I by mistake made an int 
without the protection stuff and added it to an int with the protection 
stuff--should be a compile time thing instead of a seamless cast... 
otherwise people could get at the info)

so ya I'm an advocate of the typing system..
if you do it with subclassing be sure not to sacrifice any performance :-)

when I said linux can do defaults with another arg I mean another 
constructor

this (int, bool)  {...}
this (int i) {this(i,true);}

like so


so ya take a break.  let me know when it's not using the default args 
and so forth so I can get back to using it :-)
My big deadline is over--so I'm not too much in a hurry either

Arcane Jill wrote:
 In article <cab6qa$2o86$1 digitaldaemon.com>, hellcatv hotmail.com says...
 
I don't like wasting an int on whether or not my bigint is secret

You could be right. I didn't really see a problem with that myself at the time, but I guess I was in a bit of a hurry.
it's also not a good idea to have that info stored in a class (which may be
casted to something else and have the privacy taken out of it)

I think that's not the case. This was intended to be protection from the garbage collector and the operating system, not from hackers. Anyone who can dereference the reference can access the data anyway. If your machine has been compromised, you have no security, period.
and also it breaks the linux build cus it uses the default arguments :-/

I didn't know that Linux didn't have default arguments. I could make a version(linux), I suppose, but I would have thought that giving default arguments to Linux would be on Walter's agenda.
I think this should be done with a template argument to the Int class :-)
that way you also can tell from the type if it's secure or not! :-)

I will certainly bear that in mind for the future. I'd probably do it without templates though (as in, just make two classes, Int and SensitiveInt, with SensitiveInt a subclass of Int).
feel free to disagree...course the default arg can be gotten around with another
arg

Phew! I don't actually disagree. I just think I've been rushing things a bit recently, thinking manically about all these garbage collector issues, and hobbled together something that worked. What I really need to do now is take a break, leave it for a bit, and mull over the options. That usually makes things a lot clearer, and I can recode it when I get round to it, which, realistically, probably won't be for another couple of weeks. Arcane Jill

Jun 11 2004
prev sibling parent reply Arcane Jill <Arcane_member pathlink.com> writes:
In article <cab334$2j2h$1 digitaldaemon.com>, David L. Davis says...

Jill: By "Update on big integers", do you mean there's a Deimos.lib or a zipfile
at http://www.dsource.org/ in maybe the "Projects->Deimos->Downland" area, if
so, I don't see one.

Forgive me, I'm new to dsource and subversion, and haven't quite figured out how to put everything in the right place. I'll try to sort all that out over the weekend, if I can. But there are Windows libraries at http://svn.dsource.org/svn/projects/deimos/downloads/libs/Win32/ and the source code should be visible at http://svn.dsource.org/svn/projects/deimos/trunk/. The HTML documentation unfortunately comes out as HTML source, but I'm probably not going to update it any more because I'm going to re-document the project using doxygen (once I've learned how to do THAT). Hopefully, by the time I've finished, there's just be zip file or two to download and then it will be easy.
P.S. I'm looking froward to seeing what you and Hauke come up with to solve
"D's" lack of a real unicode string/character library. BTW, will this code go
into Deimos also?

Yes. Although obviously, I can only speak for myself. It's up to Hauke what happens to Hauke's code, though I imagine that if we're collaborating then it will all end up in the same place. (Note that C++ /also/ lacks a real Unicode library, by the way, and Java's is crippled by 16-bit chars. D isn't exactly behind, here). Arcane Jill
Jun 11 2004
parent David L. Davis <SpottedTiger yahoo.com> writes:
Jill: Thxs! :)

-------------------------------------------------------------------
"Dare to reach for the Stars...Dare to Dream, Build, and Achieve!"
Jun 11 2004