[Cryptech Tech] EC benchmarks on the STM32

[Hannes Tschofenig]

Hi Pavel, Hi Joachim

I double-checked the results from the slide again and they are correct.

I agree with Pavel that the performance depends on more than the CPU
type and the Mhz. What is the reason for the performance difference in
this specific case is unknown to me (although I would like to know). I
took a quick look at the data sheets did not give me a hint either.

Maybe someone has time for an detailed investigation.

Ciao
Hannes



On 09/12/2015 12:49 AM, Павел Шатов wrote:
> On 11.09.2015 10:16, Joachim Strömbergson wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Aloha!
>>
>> FYI: I stumbled upon some interesting EC-benchmarks on different ARM MCU
>> architectures (M0 -> M4). Some of them are basically the same as the one
>> we are targeting on the Alpha board (albeit with lower clock freq).
>>
>> https://www.ietf.org/proceedings/92/slides/slides-92-lwig-3.pdf
>>
>> There some weirdness in the preso. The performance from the same SW as
>> measuered on the same architecture (but chips from different chips)
>> differs closer to 2x with the difference in clock speed. But there are
>> quite a lot of good stuff in the preso.
> 
> As far as I understand, since our primary use case is DNSSEC, curves
> P-256 and P-384 are the most interesting ones for us. I think, this
> presentation gives a good reference for expected performance: ~120 ms to
> sign for P-256 and ~200 ms to sign for P-384. Of course this will vary
> depending on actual implementation, but we at least know expected order
> of magnitude.
> 
> Speaking of why the same core from different vendors shows different
> performance, I think, it is due to different "perks" vendors invent to
> beat each other. For example, our particular STM32 has a proprietary
> feature from STMicroelectronics called "Aptive Real-Time Memory
> Accelerator (ART Accelerator™)", that is claimed to boost CPU core
> performance.
> 
>> And yes, Curve25519 is waay faster. The Donna implementation is what
>> I've used on a Cortex-M0.
> 
> Btw, I wonder, how fast Rob's software implementation is on Novena's CPU.
> 
> -- 
> With best regards,
> Pavel Shatov
> _______________________________________________
> Tech mailing list
> Tech at cryptech.is
> https://lists.cryptech.is/listinfo/tech

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 530 bytes
Desc: OpenPGP digital signature
URL: <https://lists.cryptech.is/archives/tech/attachments/20150914/e595aa93/attachment.sig>