[Cryptech Core] modexp optimization plans
Basil Dolmatov
dol at reedcat.net
Mon Jun 22 17:30:02 UTC 2015
dol@ from iPad
> On 22 June 2015, at 16:56, Peter Stuge <peter at stuge.se> wrote:
>
> Joachim Strömbergson wrote:
>>> 4194304 / 65536 = factor 64 doesn't seem huge to me. Typo?
>>
>> 64 is a huge increase in performance. It is the difference in number of
>> operations, not cycles.
>
> How many cycles are there per operation?
>
> I was expecting cores to be single-cycle.
Never.
> Thinking a bit more, I
> could have guessed that this is not the case based on the presence
> of a BUSY bit.
>
>
>>> Different size moduli still have different number of words. I think
>>> completely data-independent constant-time execution is highly
>>> desirable.
>>
>> Are you suggesting that all operations should fake a max size modulus
>> (8192) and always do that many operations?
>
> Right, I think that should be the default.
>
>
>> Jakob can probably answer, but I would find that solution to be
>> very uncommon even in $$$$ and certified HSMs.
>
> Let's evaluate the idea based on merit, not based on decisions made
> in existing products. The reason for Cryptech is that existing
> products aren't good enough.
>
>
>>>> One could further optimize to find the MSB one of the exponent and
>>>> set the size to that. And then you could end up with data
>>>> dependent execution time.
>>>
>>> It seems that this is already the case?
>>
>> No, not at all.
>
> If number of operations = time depends on modulus size then it is, right?
>
>
> //Peter
> _______________________________________________
> Core mailing list
> Core at cryptech.is
> https://lists.cryptech.is/listinfo/core
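The sizing question argued above (pad every operation to the core's maximum modulus size, size it to the modulus, or size it to the exponent's MSB), as an added example that is not Cryptech code and does not model the real modexp core. It counts word-level multiplications in a left-to-right square-and-multiply ladder under each policy, so the reader can see which inputs the count depends on. Everything numeric in it is an assumption: 32-bit words, an 8192-bit maximum, and a schoolbook n*n word multiplications per square or multiply with no Montgomery or Karatsuba; `WORD_BITS`, `MAX_MODULUS_BITS`, `modexp_with_cost` and `cost_for` are names chosen for this example.

```python
"""Operation-count model for a square-and-multiply modexp core.

Added example, not Cryptech code. It models how many word-level
multiplications a left-to-right square-and-multiply modexp performs
under three operand-sizing policies:
  exact  : operand width follows the modulus bit-length (data dependent)
  msb    : as 'exact', and the ladder stops at the exponent's MSB
           (additionally leaks the exponent length)
  padded : always the core's maximum width (assumed 8192 bits), so the
           count no longer depends on modulus or exponent size
Assumptions: 32-bit words, schoolbook n*n word multiplications per
square or multiply, no Montgomery/Karatsuba. The arithmetic itself is
Python big-int; only the counted cost follows the model.
"""

WORD_BITS = 32                  # assumed core word width
MAX_MODULUS_BITS = 8192         # assumed core maximum (the 8192 in the thread)


def n_words(bits: int) -> int:
    """Number of WORD_BITS-wide words needed to hold `bits` bits."""
    return (bits + WORD_BITS - 1) // WORD_BITS


def modexp_with_cost(base, exponent, modulus, policy="exact",
                     multiply_always=False):
    """Return (base**exponent % modulus, counted_word_mults).

    The result is the same under every policy; only the cost differs.
    multiply_always=True performs a dummy multiply on 0 bits so the
    count stops depending on the exponent's Hamming weight too.
    """
    if modulus.bit_length() > MAX_MODULUS_BITS:
        raise ValueError("modulus wider than the core")
    if policy == "padded":
        n = n_words(MAX_MODULUS_BITS)
        e_bits = MAX_MODULUS_BITS
    elif policy in ("exact", "msb"):
        n = n_words(modulus.bit_length())
        e_bits = exponent.bit_length() if policy == "msb" else n * WORD_BITS
    else:
        raise ValueError(f"unknown policy {policy!r}")
    if exponent.bit_length() > e_bits:
        raise ValueError("exponent wider than the operand width")

    cost = 0
    result = 1
    for i in range(e_bits - 1, -1, -1):
        result = (result * result) % modulus      # square: n*n word mults
        cost += n * n
        if (exponent >> i) & 1:
            result = (result * base) % modulus    # multiply: n*n word mults
            cost += n * n
        elif multiply_always:
            _dummy = (result * base) % modulus    # discarded, keeps count flat
            cost += n * n
    return result, cost


def cost_for(modulus_bits, exponent_bits, policy, multiply_always=False):
    """Cost of one modexp on constructed operands of the given widths."""
    modulus = (1 << modulus_bits) - 1              # constructed: odd, full width
    exponent = (1 << (exponent_bits - 1)) | 1      # constructed: MSB and LSB set
    _, cost = modexp_with_cost(3, exponent, modulus, policy, multiply_always)
    return cost


if __name__ == "__main__":
    for policy in ("exact", "msb", "padded"):
        row = [cost_for(m, e, policy) for m, e in
               ((1024, 17), (1024, 1024), (2048, 2048), (4096, 4096))]
        print(f"{policy:7s}", row)
```

Under `exact` the count grows roughly cubically with modulus width, and under `msb` it also drops with a short exponent, so both leak operand sizes through timing. Under `padded` the count is identical for a 1024-bit and a 4096-bit modulus, which is the property argued for above; note that even then the count still varies with the exponent's Hamming weight unless a dummy multiply is issued on zero bits (`multiply_always=True`), which is a separate decision from the operand-size one.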