Paper 2020/481

Using z14 Fused-Multiply-Add Instructions to Accelerate Elliptic Curve Cryptography

James You, Qi Zhang, Curtis D'Alves, Bill O'Farrell, and Christopher K. Anand


Due to growing commercial applications like Blockchain, the performance of large-integer arithmetic is the focus of both academic and industrial research. IBM introduced a new integer fused multiply-add instruction in z14, called VMSL, to accelerate such workloads. Unlike their floating-point counterparts, integer fused multiply-add instructions come in a variety of designs. VMSL multiplies two pairs of radix $2^{56}$ inputs, sums the two results together with an additional 128-bit input, and stores the resulting 128-bit value in a vector register. In this paper, we describe the unique features of VMSL and the ways in which it is inherently more efficient than alternative specifications, in particular by enabling multiple carry strategies. We then look at the issues we encountered implementing Montgomery Modular Multiplication for Elliptic Curve Cryptography on z14, including radix choice, mixed radices, instruction selection to trade instruction count for latency, and VMSL-specific optimizations for Montgomery-friendly moduli. The best choices resulted in a 20% increase in throughput.
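To make the VMSL description above concrete, here is a small Python model of the operation as the abstract states it (an added example, not code from the paper or from IBM): two 56-bit by 56-bit products plus a 128-bit accumulator, truncated to 128 bits. The function names, the limb helpers and the schoolbook multiplier built on top of the model are this example's own; it shows why a 128-bit accumulator fed 112-bit products leaves room to defer carries to a single final pass.

```python
RADIX_BITS = 56                       # radix 2^56 limbs, as VMSL expects
LIMB_MASK = (1 << RADIX_BITS) - 1
ACC_MASK = (1 << 128) - 1             # VMSL result is a 128-bit vector register

def vmsl(a0, b0, a1, b1, acc):
    """Model of VMSL: (a0*b0 + a1*b1 + acc) mod 2^128 (hypothetical name)."""
    for x in (a0, b0, a1, b1):
        if x < 0 or x >> RADIX_BITS:
            raise ValueError("VMSL multiplicands must fit in 56 bits")
    return (a0 * b0 + a1 * b1 + (acc & ACC_MASK)) & ACC_MASK

def to_limbs(x, n):
    """Split a non-negative integer into n little-endian radix-2^56 limbs."""
    return [(x >> (RADIX_BITS * i)) & LIMB_MASK for i in range(n)]

def from_limbs(limbs):
    return sum(l << (RADIX_BITS * i) for i, l in enumerate(limbs))

def mul_lazy_carry(x, y, n):
    """Schoolbook product of two n-limb numbers using only vmsl() for the
    column sums.  Each product is below 2^112, so the 128-bit accumulator
    can absorb up to 2^16 products per column before it can overflow; the
    carries are therefore propagated once at the end, not per multiply."""
    if n > 1 << 16:
        raise ValueError("too many products per column for a 128-bit accumulator")
    xs, ys = to_limbs(x, n), to_limbs(y, n)
    cols = [0] * (2 * n)
    for k in range(2 * n - 1):
        # every (i, j) with i + j == k contributes one 112-bit product
        pairs = [(xs[i], ys[k - i]) for i in range(n) if 0 <= k - i < n]
        acc = 0
        # two products per VMSL; an odd tail is padded with a zero product
        for j in range(0, len(pairs), 2):
            a0, b0 = pairs[j]
            a1, b1 = pairs[j + 1] if j + 1 < len(pairs) else (0, 0)
            acc = vmsl(a0, b0, a1, b1, acc)
        cols[k] = acc
    # single carry pass: a column may hold far more than 56 bits
    carry, out = 0, []
    for c in cols:
        v = c + carry
        out.append(v & LIMB_MASK)
        carry = v >> RADIX_BITS
    return from_limbs(out) + (carry << (RADIX_BITS * 2 * n))
```

With n = 5 the limbs cover 280 bits, enough for the 256-bit operands typical of elliptic-curve field arithmetic.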

Publication info
Published elsewhere. CASCON '19: 29th Annual International Conference on Computer Science and Software Engineering
Keywords
elliptic curve cryptosystem, implementation, public-key cryptography, vector instructions, single instruction multiple data
Contact author(s)
james you @ uwaterloo ca
anandc @ mcmaster ca
2020-04-28: received
License
Creative Commons Attribution


@misc{cryptoeprint:2020/481,
      author = {James You and Qi Zhang and Curtis D'Alves and Bill O'Farrell and Christopher K. Anand},
      title = {Using z14 Fused-Multiply-Add Instructions to Accelerate Elliptic Curve Cryptography},
      howpublished = {Cryptology ePrint Archive, Paper 2020/481},
      year = {2020},
      doi = {10.5555/3370272.3370302},
      note = {\url{}},
      url = {}
}