Cryptology ePrint Archive: Report 2014/134

Kummer strikes back: new DH speed records

Daniel J. Bernstein and Chitchanok Chuengsatiansup and Tanja Lange and Peter Schwabe

Abstract: This paper sets new speed records for high-security constant-time variable-base-point Diffie--Hellman software: 305395 Cortex-A8-slow cycles; 273349 Cortex-A8-fast cycles; 88916 Sandy Bridge cycles; 88448 Ivy Bridge cycles; 54389 Haswell cycles. There are no higher speeds in the literature for any of these platforms.

The new speeds rely on a synergy between (1) state-of-the-art formulas for genus-2 hyperelliptic curves and (2) a modern trend towards vectorization in CPUs. The paper introduces several new techniques for efficient vectorization of Kummer-surface computations.

Category / Keywords: implementation / performance, Diffie--Hellman, hyperelliptic curves, Kummer surfaces, vectorization

Original Publication (with major differences): IACR-ASIACRYPT-2014

Date: received 20 Feb 2014, last revised 28 Oct 2014

Contact author: authorcontact-kummer at box cr yp to

Available format(s): PDF | BibTeX Citation

Version: 20141028:192034 (All versions of this report)

Short URL: ia.cr/2014/134

Discussion forum: Show discussion | Start new discussion