On Thu, May 12, 2011 at 7:13 AM, Ian Goldberg <[email protected]> wrote: > Nick, were you planning on using djb's qhasm code, or the C version > (curve25519-donna)? (A quick look at the latter suggests it's doing > left-to-right, so some changes would still be required, but not evil > assembly ones.
donna is much faster than the reference implementation on 64-bit, but much slower at 32-bit. The reference implementation was, indeed, derived from a qhasm source, although I don't have it. (donna was only intended to work on 64-bit systems, the 32-bit version is just for completeness.) Since both use Montgomery's trick for operating in the group, it's not clear that either are amenable to implementing simultaneous exponentiation. However, curve25519 is generally sufficiently fast that calling it twice is still faster than a simultaneous exponentiation on other curves: http://www.imperialviolet.org/2010/12/21/eccspeed.html Cheers AGL -- Adam Langley [email protected] http://www.imperialviolet.org _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
