On Fri, Dec 9, 2016 at 10:52 AM, Mike Hamburg <m...@shiftleft.org> wrote:
> OK, I’ve released my tiny x25519 code as open source.

Do you think it would be worth proving equivalence of your code with another implementation, such as -donna? If so, how similar are the structures and fundamental operations?

-Thomas

> This is the
> platform-agnostic version. The ARM asm version isn’t there, it’s staying
> proprietary for now :-/. But you can get most of the effect by
> intrinsic’ing umaal and friends.
>
> https://sourceforge.net/p/strobe/code/ci/master/tree/x25519.c
> https://sourceforge.net/p/strobe/code/ci/master/tree/x25519.h
>
> Presumably this code could be accelerated somewhat by using a dedicated
> sqr() routine, or by unrolling loops and inlining code. Maybe I’ll get
> around to that at some point, but there’s a bunch more to be done with that
> repository to make it useful.
>
> These files also have a totally nonstandard signature implementation, the
> only real advantage of which is that it adds very little code.
>
> Let me know what you think, or if you find any bugs or missing features.
>
> Cheers,
> — Mike
>
> On Nov 9, 2016, at 4:13 PM, Jason A. Donenfeld <ja...@zx2c4.com> wrote:
>
> I just tried out the so called "tweet nacl implementation", because it
> has very tiny stack requirements. It was 26 times slower than donna.
> Wow!
>
> _______________________________________________
> Curves mailing list
> Curves@moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/curves