On Mon, Jun 30, 2014 at 3:08 AM, Samuel Neves <[email protected]> wrote: > I've fixed up the 256-bit arithmetic to run on Linux; the arithmetic and > curve arithmetic tests pass, at least. The > assembly code has a few extra instructions at the top of each function to > adjust the arguments to the correct calling > convention, so there may be a slight slowdown compared to the original. > > Here are the results on Sandy Bridge, compiled with gcc-4.8 -O3 > -march=corei7-avx:
Thanks! Looks pretty close to what's already in the spreadsheet, i.e. you reported 283.5 Kcycles and (the Weierstrass curve) and 229.5 Kcycles (Edwards), whereas the spreadsheet has 281 and 234. So I think it's still still slower than 25519. I wonder about the "nature vs nurture" question: is it inherently a slower curve (harder for field reduction?) or just less optimized? Also, 384 and 512 numbers would be awesome to get, to see if it challenges Goldlilocks yet... Trevor _______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
