There have been many papers analyzing elliptic-curve speeds on Intel chips, and they all use Intel’s serial 64 x 64 -> 128-bit multiplier for field arithmetic. These papers have ignored the 2-way vectorized 32 x 32 -> 64-bit multiplier on Sandy Bridge and Ivy Bridge: it seems obvious that the serial multiplier is faster. However, this paper uses the vectorized multiplier. This is the first speed record set for elliptic-curve cryptography using a vectorized multiplier on Sandy Bridge and Ivy Bridge. Our work suggests that the vectorized multiplier might be a better choice for elliptic-curve computation, or even other types of computation that involve prime-field arithmetic, even in the case where the computation does not exhibit very nice internal parallelism.
Category / Keywords: implementation / Elliptic curves, Diffie-Hellman, signatures, speed, constant time, Curve25519, Ed25519, vectorization Date: received 27 Sep 2015, last revised 30 Sep 2015 Contact author: blueprint at crypto tw Available format(s): PDF | BibTeX Citation Version: 20150930:191108 (All versions of this report) Short URL: ia.cr/2015/943 Discussion forum: Show discussion | Start new discussion