[curves] New Ed448-Goldilocks release

Michael Hamburg mike at shiftleft.org
Sat Mar 29 16:23:41 PDT 2014


Hello all,

There’s a new release of Goldilocks up at http://sourceforge.net/projects/ed448goldilocks/

As a reminder, Goldilocks is still experimental.  Hopefully soon I can start to finalize the interfaces, but not yet.

The new release brings a more organized source directory layout, more testing and many bugfixes and improvements, along with support for 32-bit processors.  In particular, there is now vectorless ARM32 support.  There may still be some room for optimization here (especially in the squaring routine), but the results are looking pretty OK:

On one core of a 1GHz Tegra2 ARM Cortex-A9 with no vector unit:
Goldilocks:
keygen:      1454.5µs
ecdh:        3610.4µs
sign:        1519.6µs
verify:      3715.9µs

Compare to OpenSSL 1.0.1 (it’s old, I know):
OpenSSL 1.0.1 14 Mar 2012
built on: Wed Jan  8 20:59:11 UTC 2014
options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr) 
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM
                              sign    verify    sign/s verify/s
 256 bit ecdsa (nistp256)   0.0012s   0.0052s    839.6    190.8
 384 bit ecdsa (nistp384)   0.0027s   0.0132s    371.5     75.7
                              op      op/s
 256 bit ecdh (nistp256)   0.0044s    226.0
 384 bit ecdh (nistp384)   0.0112s     89.7

So Goldilocks is faster than (an old implementation of) NISTp256 except for key generation and signing, where it is some 20% slower.

Cheers,
— Mike Hamburg