diff --git a/crypto_kem/ledakemlt12/leaktime/gf2x_arith_mod_xPplusOne.c b/crypto_kem/ledakemlt12/leaktime/gf2x_arith_mod_xPplusOne.c index 65f458dc..cb01a001 100644 --- a/crypto_kem/ledakemlt12/leaktime/gf2x_arith_mod_xPplusOne.c +++ b/crypto_kem/ledakemlt12/leaktime/gf2x_arith_mod_xPplusOne.c @@ -223,7 +223,7 @@ int PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]) gf2x_cswap(f, g, swap); gf2x_cswap(v, r, swap); - g0_mask = -lsb(g); + g0_mask = ~lsb(g) + 1; // g = (g - g0 * f) / x gf2x_mult_scalar_acc(g, f, g0_mask); diff --git a/crypto_kem/ledakemlt32/leaktime/gf2x_arith_mod_xPplusOne.c b/crypto_kem/ledakemlt32/leaktime/gf2x_arith_mod_xPplusOne.c index a525d535..b459ea1b 100644 --- a/crypto_kem/ledakemlt32/leaktime/gf2x_arith_mod_xPplusOne.c +++ b/crypto_kem/ledakemlt32/leaktime/gf2x_arith_mod_xPplusOne.c @@ -221,7 +221,7 @@ int PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]) gf2x_cswap(f, g, swap); gf2x_cswap(v, r, swap); - g0_mask = -lsb(g); + g0_mask = ~lsb(g) + 1; // g = (g - g0 * f) / x gf2x_mult_scalar_acc(g, f, g0_mask); diff --git a/crypto_kem/ledakemlt52/leaktime/gf2x_arith_mod_xPplusOne.c b/crypto_kem/ledakemlt52/leaktime/gf2x_arith_mod_xPplusOne.c index e17e5cbb..020880ae 100644 --- a/crypto_kem/ledakemlt52/leaktime/gf2x_arith_mod_xPplusOne.c +++ b/crypto_kem/ledakemlt52/leaktime/gf2x_arith_mod_xPplusOne.c @@ -221,7 +221,7 @@ int PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]) gf2x_cswap(f, g, swap); gf2x_cswap(v, r, swap); - g0_mask = -lsb(g); + g0_mask = ~lsb(g) + 1; // g = (g - g0 * f) / x gf2x_mult_scalar_acc(g, f, g0_mask);