[Cryptech Tech] EC benchmarks on the STM32

Warren Kumari warren at kumari.net
Fri Sep 11 13:52:49 UTC 2015


On Friday, September 11, 2015, Joachim Strömbergson <joachim at secworks.se>
wrote:

> Aloha!
>
> FYI: I stumbled upon some interesting EC-benchmarks on different ARM MCU
> architectures (M0 -> M4). Some of them are basically the same as the one
> we are targeting on the Alpha board (albeit with lower clock freq).
>
> https://www.ietf.org/proceedings/92/slides/slides-92-lwig-3.pdf
>
>

Huh, so I haven't thought this through fully, but if we have the same
performance in the CPU, perhaps it makes sense to do some of the operations
there *as well*, and compare the results? I'm thinking things that don't
touch secret keys, and we compare the outputs of the FPGA and CPU, and throw
all sorts of alerts if they differ. This may help counter fault injection
attacks and help provide additional faith in our implementation as well...

Or, the added complexity may make things much more fragile and this may be
a bad idea...
?
W


> There is some weirdness in the preso. The performance from the same SW as
> measured on the same architecture (but chips from different chips)
> differs closer to 2x with the difference in clock speed. But there is
> quite a lot of good stuff in the preso.
>
> And yes, Curve25519 is waay faster. The Donna implementation is what
> I've used on a Cortex-M0.
> --
> Med vänlig hälsning, Yours
>
> Joachim Strömbergson - Alltid i harmonisk svängning.
> ========================================================================
>  Joachim Strömbergson          Secworks AB          joachim at secworks.se
> ========================================================================
> _______________________________________________
> Tech mailing list
> Tech at cryptech.is
> https://lists.cryptech.is/listinfo/tech
>


-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf