Scott Fluhrer edited untitled.tex
almost 9 years ago
Commit id: 45200d1fdc54b85219e9ba44b40a999acb5d7e58
diff --git a/untitled.tex b/untitled.tex
index c78e46f..338fafc 100644
--- a/untitled.tex
+++ b/untitled.tex
...
where $h$ is the cofactor of the curve, and is usually a small power of 2. What this implies is that $n \approx p/h$, and if the upper bits of $p$ have a sparse structure, then the upper bits of $n$ will also have a sparse structure. In other words, if $r < \sqrt{p}$, then some of the bits of $rh+k$ will be strongly correlated to be bits of $k$, and hence this blinding operation does leak some information about $k$. This would appear to imply that primes with special structure would require significantly larger $r$ values than random primes.
- Side channel attacks
- Scalar randomizatoin
- Why the straight-forward approach doesn't work
\section{Scalar randomization with fields with special structure}
- Radix arithemetic
- Non-power of 2
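Review bot: In the context paragraph the blinded scalar is written as $rh+k$, but the preceding sentence places the sparse structure in $n \approx p/h$, not in the cofactor $h$. If the blinding adds a multiple of the group order, this should read $rn+k$; as written, the claim that bits of the blinded value correlate with bits of $k$ does not follow from the visible text. In the same sentence, "correlated to be bits of $k$" looks like a typo for "correlated to the bits of $k$". The outline lines also carry spelling errors: "randomizatoin" should be "randomization" and "arithemetic" should be "arithmetic".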