Positive value for ECC
NIIBE Yutaka
gniibe at fsij.org
Wed Apr 6 10:50:25 CEST 2016
On 04/05/2016 11:07 PM, Werner Koch wrote:
> On Tue, 5 Apr 2016 04:46, gniibe at fsij.org said:
>
>> I think that it's worth to keep the value as positive for ECC
>> computation (even if we don't enable GCRYPT_BARRETT).
>
> Agreed.
Note that I keep the values in domain_parms, so that computation of
keygrip will not be changed.
>> Here is a patch to keep the value positive in ECC computation.
>> I'm going to commit this if no objection.
>
> Okay. Can you also run tests to check whether there is any noticeable
> performance gain?
Here are results. This is taken by the second run of "benchmark"
program after the build.
=========================== Plain vanilla
$ ./benchmark ecc
Algorithm generate 100*priv 100*public
------------------------------------------------
ECDSA 192 bit 80ms 1960ms 2230ms
ECDSA 224 bit 110ms 2480ms 2810ms
ECDSA 256 bit 120ms 3060ms 3350ms
ECDSA 384 bit 250ms 6870ms 8020ms
ECDSA 521 bit 600ms 18380ms 21910ms
EdDSA Ed25519 40ms 4020ms 5980ms
GOST 256 bit 120ms 2950ms 3670ms
GOST 512 bit 570ms 17070ms 21290ms
===========================
=========================== With the patch
$ ./benchmark ecc
Algorithm generate 100*priv 100*public
------------------------------------------------
ECDSA 192 bit 70ms 1960ms 2170ms
ECDSA 224 bit 90ms 2480ms 2790ms
ECDSA 256 bit 110ms 3020ms 3380ms
ECDSA 384 bit 230ms 6900ms 7960ms
ECDSA 521 bit 590ms 18450ms 21190ms
EdDSA Ed25519 40ms 4220ms 5800ms
GOST 256 bit 110ms 2920ms 3530ms
GOST 512 bit 580ms 17210ms 20940ms
===========================
No noticeable difference, so far.
Given the condition that values are positive, it will be possible to
improve smaller memory footprint for the computation (at least for
MPI_EC_MONTGOMERY).
--
More information about the Gcrypt-devel
mailing list