Re: [curves] new 25519 measurements of formally verified implementations

2018-02-23 Thread Armando Faz Hernández
Quoting "Jason A. Donenfeld": Hi Armando, I've started importing your precomputation implementation into kernel space for use in kbench9000 (and in WireGuard and the kernel crypto library too, of course). - The first problem remains the license. The kernel requires

Re: [curves] new 25519 measurements of formally verified implementations

2018-02-01 Thread Jason A. Donenfeld
Hi Armando, I've started importing your precomputation implementation into kernel space for use in kbench9000 (and in WireGuard and the kernel crypto library too, of course). - The first problem remains the license. The kernel requires GPLv2-compatible code. GPLv3 isn't compatible with GPLv2.

Re: [curves] new 25519 measurements of formally verified implementations

2018-02-01 Thread Jason A. Donenfeld
Hi Armando, Sure, I'll have a look at this. I've also found https://github.com/armfazh/hp-ecc-vec . Is this the code related to your 2015 paper entitled, "Fast Implementation of Curve25519 Using AVX2"? Or the presentation Dan mentioned a few posts up? Or both at once? Also, would you consider

Re: [curves] new 25519 measurements of formally verified implementations

2018-01-31 Thread Jason A. Donenfeld
I've loaded in fiat64 into the latest kbench curve testing branch, and it seems to be the fastest generic C version, at least on my Skylake laptop, inching out slightly in front of hacl64:

donna64: 121790 cycles per call
hacl64: 109782 cycles per call
fiat64: 108984 cycles per call
sandy2x:

Re: [curves] new 25519 measurements of formally verified implementations

2018-01-27 Thread Jason A. Donenfeld
Hey Dan, Thanks for the pointer and the link to the slides. I've heard about this implementation before, but I was never able to get a hold of the source to try it out. I just emailed him to see if it's available somewhere. Looks like there's a conference paper from Latincrypt 2015 that describes

Re: [curves] new 25519 measurements of formally verified implementations

2018-01-26 Thread D. J. Bernstein
Tung Chou's sandy2x code was (as the name suggests) optimized for Sandy Bridge. For Haswell and Skylake, the slides from Julio Lopez in https://hyperelliptic.org/tanja/lc17/ascrypto.html report two followup implementations producing roughly 25% speedups for Curve25519; see slide 67/83. I do