On 9/18/15 6:15 AM, D. J. Bernstein wrote:
> Trevor Perrin writes:
>> - FourQ is a little faster (~10%) than 25519 without endomorphisms
>
> Maybe, but for such small differences one has to look very carefully at
> what exactly is being measured (e.g., is point validation included? what
> exactly are the assumptions on the input and output?) and of course also
> the quantitative security level (2^122.5 vs. 2^125.8---one expects this
> to have a close-to-cubic effect).
On the other hand, 25519 has received more optimization over the years, and Tung Chou's implementation uses more assembly than FourQLib [1,2]. Considering this, MSR's overall estimate of 2-3x speedup (with endomorphisms) for variable-base ops vs 25519 seems reasonable, even though the speedup wrt Tung on SB/IB is only 2.1 - 2.2.

I guess we'll get more information over time.

Trevor

[1] https://sites.google.com/a/crypto.tw/blueprint/
[2] http://research.microsoft.com/en-us/projects/fourqlib/

_______________________________________________
Curves mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/curves
