diff --git a/GHC/Integer/GMP/Internals.hs b/GHC/Integer/GMP/Internals.hs
index b80840b8af013cd9c6b42c3ee38b2a0b6f651dc2..f1aec518f3a3212224ad7f392c415152f4694d2c 100644
--- a/GHC/Integer/GMP/Internals.hs
+++ b/GHC/Integer/GMP/Internals.hs
@@ -1,6 +1,6 @@
{-# LANGUAGE NoImplicitPrelude #-}
-module GHC.Integer.GMP.Internals (Integer(..), gcdInt, gcdInteger, gcdExtInteger, lcmInteger, powInteger, powModInteger, recipModInteger)
+module GHC.Integer.GMP.Internals (Integer(..), gcdInt, gcdInteger, gcdExtInteger, lcmInteger, powInteger, powModInteger, powModSecInteger, recipModInteger)
where
import GHC.Integer.Type
diff --git a/GHC/Integer/GMP/Prim.hs b/GHC/Integer/GMP/Prim.hs
index 401855b7e3bdbe5fd21b0cb4277d38bb459c1af7..0fd1b32be0e15cf5f4c6a20827da2475c6cfcc6f 100644
--- a/GHC/Integer/GMP/Prim.hs
+++ b/GHC/Integer/GMP/Prim.hs
@@ -43,6 +43,7 @@ module GHC.Integer.GMP.Prim (
powInteger#,
powModInteger#,
+ powModSecInteger#,
recipModInteger#,
#if WORD_SIZE_IN_BITS < 64
@@ -196,6 +197,11 @@ foreign import prim "integer_cmm_powIntegerzh" powInteger#
foreign import prim "integer_cmm_powModIntegerzh" powModInteger#
:: Int# -> ByteArray# -> Int# -> ByteArray# -> Int# -> ByteArray# -> (# Int#, ByteArray# #)
+-- |
+--
+foreign import prim "integer_cmm_powModSecIntegerzh" powModSecInteger#
+ :: Int# -> ByteArray# -> Int# -> ByteArray# -> Int# -> ByteArray# -> (# Int#, ByteArray# #)
+
-- |
--
foreign import prim "integer_cmm_recipModIntegerzh" recipModInteger#
diff --git a/GHC/Integer/Type.lhs b/GHC/Integer/Type.lhs
index 6e13eb508986c13af23f5c570db4c52966c5139b..5ff79ab68757bfac51e070937bdb31cbde175905 100644
--- a/GHC/Integer/Type.lhs
+++ b/GHC/Integer/Type.lhs
@@ -45,7 +45,7 @@ import GHC.Integer.GMP.Prim (
int2Integer#, integer2Int#, word2Integer#, integer2Word#,
andInteger#, orInteger#, xorInteger#, complementInteger#,
testBitInteger#, mul2ExpInteger#, fdivQ2ExpInteger#,
- powInteger#, powModInteger#, recipModInteger#,
+ powInteger#, powModInteger#, powModSecInteger#, recipModInteger#,
#if WORD_SIZE_IN_BITS < 64
int64ToInteger#, integerToInt64#,
word64ToInteger#, integerToWord64#,
@@ -616,6 +616,20 @@ powModInteger (J# s1 d1) (J# s2 d2) (J# s3 d3) =
(# s', d' #) -> J# s' d'
powModInteger b e m = powModInteger (toBig b) (toBig e) (toBig m)
+-- | @powModSecInteger b e m@ computes base @b@ raised to exponent @e@
+-- modulo @m@. It is required that @e@ > 0 and @m@ is odd.
+--
+-- This is a \"secure\" variant of 'powModInteger' using the
+-- @mpz_powm_sec()@ function which is designed to be resilient to side
+-- channel attacks and is therefore intended for cryptographic
+-- applications.
+{-# NOINLINE powModSecInteger #-}
+powModSecInteger :: Integer -> Integer -> Integer -> Integer
+powModSecInteger (J# s1 d1) (J# s2 d2) (J# s3 d3) =
+ case powModSecInteger# s1 d1 s2 d2 s3 d3 of
+ (# s', d' #) -> J# s' d'
+powModSecInteger b e m = powModSecInteger (toBig b) (toBig e) (toBig m)
+
-- | @recipModInteger x m@ computes the inverse of @x@ modulo @m@. If
-- the inverse exists, the return value @y@ will satisfy @0 < y <
-- abs(m)@, otherwise the result is 0.
diff --git a/cbits/gmp-wrappers.cmm b/cbits/gmp-wrappers.cmm
index 68e6485a7b30f5d6204f9a6e553a8ba1ae58e608..aadd13493b3c8e00166050ee2d6a2520bcc68418 100644
--- a/cbits/gmp-wrappers.cmm
+++ b/cbits/gmp-wrappers.cmm
@@ -52,6 +52,7 @@ import "integer-gmp" __gmpz_ior;
import "integer-gmp" __gmpz_com;
import "integer-gmp" __gmpz_pow_ui;
import "integer-gmp" __gmpz_powm;
+import "integer-gmp" __gmpz_powm_sec;
import "integer-gmp" __gmpz_invert;
import "integer-gmp" integer_cbits_decodeDouble;
@@ -437,6 +438,7 @@ GMP_TAKE2_RET2(integer_cmm_quotRemIntegerzh, __gmpz_tdiv_qr)
GMP_TAKE2_RET2(integer_cmm_divModIntegerzh, __gmpz_fdiv_qr)
GMP_TAKE3_RET1(integer_cmm_powModIntegerzh, __gmpz_powm)
+GMP_TAKE3_RET1(integer_cmm_powModSecIntegerzh, __gmpz_powm_sec)
GMP_TAKE2_RET1(integer_cmm_recipModIntegerzh, __gmpz_invert)
GMP_TAKE1_UL1_RET1(integer_cmm_powIntegerzh, __gmpz_pow_ui)