Hello all,
There’s a new release of Goldilocks up at
http://sourceforge.net/projects/ed448goldilocks/
As a reminder, Goldilocks is still experimental. Hopefully soon I can start to
finalize the interfaces, but not yet.
The new release brings a more organized source directory layout, more testing
and many bugfixes and improvements, along with support for 32-bit processors.
In particular, there is now vectorless ARM32 support. There may still be some
room for optimization here (especially in the squaring routine), but the
results are looking pretty OK:
On one core of a 1GHz Tegra2 ARM Cortex-A9 with no vector unit:

Goldilocks:
    keygen: 1454.5µs
    ecdh:   3610.4µs
    sign:   1519.6µs
    verify: 3715.9µs

Compare to OpenSSL 1.0.1 (it’s old, I know):
OpenSSL 1.0.1 14 Mar 2012
built on: Wed Jan 8 20:59:11 UTC 2014
options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security
-D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack
-Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DAES_ASM -DGHASH_ASM
                             sign      verify    sign/s  verify/s
256 bit ecdsa (nistp256)   0.0012s   0.0052s    839.6    190.8
384 bit ecdsa (nistp384)   0.0027s   0.0132s    371.5     75.7
                              op       op/s
256 bit ecdh (nistp256)    0.0044s    226.0
384 bit ecdh (nistp384)    0.0112s     89.7

So Goldilocks is faster than (an old implementation of) NISTp256 except for key
generation and signing, where it is some 20% slower.
Cheers,
— Mike Hamburg