[Cryptech Tech] Storage of curve parameters for ECDSA
Rob Austein
sra at hactrn.net
Thu Jan 14 18:49:00 UTC 2016
At Thu, 14 Jan 2016 19:09:41 +0300, Pavel Shatov wrote:
...
> Reduction can also be done word-by-word, which is much faster. That's
> how FPGA (and apparently libtfm) works. In that sense "fp_digit" is
> actually a 32-bit number, so the algorithm zeroes out 32 bits at a time. To
> do this one needs a special speed-up factor, that depends on lower 32
> bits of the modulus. Btw, that's why you have to toggle the init bit of
> ModExpS6 core after you change modulus -- the core has to pre-calculate
> the new speed-up factor. I guess setup function in libtfm does the same.
>
> NIST primes all have their lower 32 bits set to ones, so the speed-up
> factor becomes just 1, there's no need for FPGA to calculate it at all.
> Since I'm trying to write ECDSA core, not general-purpose EC math core,
> I thought that it would make sense to take advantage of the fact and
> get rid of that redundant coefficient.
This all makes sense, and I think you're on the right track here.
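
The word-by-word reduction and speed-up factor discussed above, as an added example that is not part of the original thread and is not Cryptech or libtfm code. The function names are hypothetical, and the secp256k1 prime is an assumption brought in only as a contrast modulus whose low word is not all ones.

```python
# Added illustration: word-by-word Montgomery reduction with 32-bit words.
W = 32
MASK = (1 << W) - 1

# NIST prime field moduli; the low 32 bits of each are 0xFFFFFFFF.
P256 = 2**256 - 2**224 + 2**192 + 2**96 - 1
P384 = 2**384 - 2**128 - 2**96 + 2**32 - 1
# Contrast modulus (assumption of this example, not from the thread).
SECP256K1_P = 2**256 - 2**32 - 977


def speedup_factor(m):
    """Return -m^(-1) mod 2^32. Only the low word of m matters."""
    return (-pow(m & MASK, -1, 1 << W)) & MASK


def mont_reduce(t, m, nwords):
    """General case: return t * 2^(-32*nwords) mod m for 0 <= t < m * 2^(32*nwords)."""
    factor = speedup_factor(m)  # must be recomputed whenever m changes
    for _ in range(nwords):
        # q is chosen so that the low word of t + q*m is zero,
        # which lets the shift drop 32 bits without losing information.
        q = ((t & MASK) * factor) & MASK
        t = (t + q * m) >> W
    return t - m if t >= m else t


def mont_reduce_nist(t, m, nwords):
    """Same reduction when the low word of m is all ones.

    The factor is 1, so q is simply the low word of t: no per-word
    multiplication by the factor and no precomputation step.
    """
    assert m & MASK == MASK, "modulus low word must be 0xFFFFFFFF"
    for _ in range(nwords):
        t = (t + (t & MASK) * m) >> W
    return t - m if t >= m else t


def reference(t, m, nwords):
    """Direct computation of t * R^(-1) mod m, used to check the loops."""
    return t * pow(1 << (W * nwords), -1, m) % m


if __name__ == "__main__":
    for name, m in (("P-256", P256), ("P-384", P384), ("secp256k1", SECP256K1_P)):
        print(f"{name}: speed-up factor = {speedup_factor(m):#010x}")
```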