[Cryptech Core] modexp optimization plans

Basil Dolmatov dol at reedcat.net
Mon Jun 22 17:30:02 UTC 2015



dol@ from iPad

> On 22 June 2015, at 16:56, Peter Stuge <peter at stuge.se> wrote:
> 
> Joachim Strömbergson wrote:
>>> 4194304 / 65536 = factor 64 doesn't seem huge to me. Typo?
>> 
>> 64 is a huge increase in performance. It is a difference in the number of
>> operations, not cycles.
> 
> How many cycles are there per operation?
> 
> I was expecting cores to be single-cycle.
Never. 
> Thinking a bit more, I
> could have guessed that this is not the case based on the presence
> of a BUSY bit.
> 
> 
>>> Different size moduli still have different number of words. I think 
>>> completely data-independent constant-time execution is highly
>>> desirable.
>> 
>> Are you suggesting that all operations should fake a max size modulus
>> (8192) and always do that many operations?
> 
> Right, I think that should be the default.
> 
> 
>> Jakob can probably answer, but I would find that solution to be
>> very uncommon even in $$$$ and certified HSMs.
> 
> Let's evaluate the idea based on merit, not based on decisions made
> in existing products. The reason for Cryptech is that existing
> products aren't good enough.
> 
> 
>>>> One could further optimize to find the MSB one of the exponent and
>>>> set the size to that. And then you could end up with data
>>>> dependent execution time.
>>> 
>>> It seems that this is already the case?
>> 
>> No, not at all.
> 
> If the number of operations (= time) depends on modulus size then it is, right?
> 
> 
> //Peter
> _______________________________________________
> Core mailing list
> Core at cryptech.is
> https://lists.cryptech.is/listinfo/core
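Below is an added illustration of the operation-count question in this thread, written as a Python model; it is not the Cryptech modexp core or its real schedule (that is the project's own Verilog and is not on this page). The 8192-bit maximum comes from Joachim's message; the Montgomery-ladder loop body, the constructed sample moduli and the three schedule names are assumptions made for the example.

```python
# Added illustration for this thread, not the Cryptech modexp core or
# its real schedule.  It counts the modular multiplications performed by
# a Montgomery ladder under three loop bounds, so the "number of
# operations, not cycles" can be compared directly:
#   "msb":     iterate from the most significant set bit of the exponent
#   "modulus": iterate once per bit of the modulus, whatever the exponent
#   "fixed":   always iterate MAX_BITS times (8192, the max size quoted)
# Cycles per operation would be a further, implementation-specific
# multiplier on top of these counts.

MAX_BITS = 8192  # largest modulus size named in the thread; assumed as the fixed bound


def ladder_modexp(base, exp, mod, iterations):
    """Montgomery ladder computing base**exp mod mod, always running
    exactly `iterations` iterations of one square plus one multiply.

    Scanning leading zero bits beyond the exponent's length is harmless:
    while r0 == 1 a zero bit leaves (r0, r1) unchanged, so extra
    iterations cost time but not correctness.
    Returns (result, number of modular multiplications performed)."""
    if exp.bit_length() > iterations:
        raise ValueError("exponent longer than the iteration bound")
    r0, r1 = 1, base % mod
    ops = 0
    for i in range(iterations - 1, -1, -1):
        bit = (exp >> i) & 1
        if bit:
            r0 = (r0 * r1) % mod
            r1 = (r1 * r1) % mod
        else:
            r1 = (r0 * r1) % mod
            r0 = (r0 * r0) % mod
        ops += 2  # one square and one multiply per iteration, bit-independent
    return r0 % mod, ops


SCHEDULES = {
    "msb": lambda exp, mod: max(exp.bit_length(), 1),
    "modulus": lambda exp, mod: mod.bit_length(),
    "fixed": lambda exp, mod: MAX_BITS,
}


def count_ops(schedule, base, exp, mod):
    """Run modexp under the named schedule, check it against pow(), and
    return the number of modular multiplications it took."""
    result, ops = ladder_modexp(base, exp, mod, SCHEDULES[schedule](exp, mod))
    if result != pow(base, exp, mod):
        raise AssertionError("ladder disagrees with pow()")
    return ops


def exponent_dependent(schedule, mod, base=2):
    """True if the op count changes with the *value* of the exponent
    (same modulus, exponents of short vs. long bit length)."""
    bits = mod.bit_length()
    samples = [1, 1 << (bits // 2), (1 << (bits - 1)) + 1]
    return len({count_ops(schedule, base, e, mod) for e in samples}) > 1


def modulus_dependent(schedule, base=2):
    """True if the op count changes with the *size* of the modulus
    (exponent fixed at 65537, a typical RSA public exponent)."""
    mods = [(1 << 2047) | 1, (1 << 4095) | 1]  # constructed 2048- and 4096-bit odd moduli
    return len({count_ops(schedule, base, 65537, m) for m in mods}) > 1


if __name__ == "__main__":
    mod = (1 << 2047) | 1  # constructed 2048-bit odd modulus
    for name in SCHEDULES:
        print(f"{name:8s} ops(e=65537)={count_ops(name, 2, 65537, mod):6d} "
              f"exponent-dependent={exponent_dependent(name, mod)} "
              f"modulus-dependent={modulus_dependent(name)}")
```

Running it prints, for each schedule, the operation count for e=65537 with a 2048-bit modulus and whether that count varies with the exponent value or with the modulus size. Only the fixed 8192-iteration schedule is independent of both; the modulus-sized schedule leaks the modulus size (not the exponent), and the MSB schedule leaks the exponent length.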


