[curves] new 25519 measurements of formally verified implementations

D. J. Bernstein djb at cr.yp.to
Fri Jan 26 04:06:00 PST 2018


Tung Chou's sandy2x code was (as the name suggests) optimized for Sandy
Bridge. For Haswell and Skylake, the slides from Julio Lopez in

   https://hyperelliptic.org/tanja/lc17/ascrypto.html

report two followup implementations producing roughly 25% speedups for
Curve25519; see slide 67/83.

I do think that the hacl64 Curve25519 speeds are fast enough for pretty
much everybody, and verification is certainly a huge plus, but people
who want more speed should be aware of what's possible---and people
working on Curve25519 verification shouldn't think they're done yet!

---Dan


More information about the Curves mailing list