[curves] Microsoft ECCLib for "NUMS" curves

Samuel Neves sneves at dei.uc.pt
Mon Jun 30 03:08:19 PDT 2014 

I've fixed up the 256-bit arithmetic to run on Linux; the arithmetic and curve arithmetic tests pass, at least. The
assembly code has a few extra instructions at the top of each function to adjust the arguments to the correct calling
convention, so there may be a slight slowdown compared to the original.

Here are the results on Sandy Bridge, compiled with gcc-4.8 -O3 -march=corei7-avx:

> TESTING
> --------------------------------------------------------------------------------------------------------
>
> Curve arithmetic: Weierstrass a=-3 over GF(2^256-189)
>
>   Point doubling tests .................................................................... PASSED
>   (Complete) point addition tests ......................................................... PASSED
>   Variable-base scalar multiplication tests ............................................... PASSED
>   Fixed-base scalar multiplication tests .................................................. PASSED
>   Double-scalar multiplication tests ...................................................... PASSED
>
> --------------------------------------------------------------------------------------------------------
>
> Curve arithmetic: twisted Edwards a=-1 over GF(2^256-189)
>
>   Point doubling tests .................................................................... PASSED
>   Point addition tests .................................................................... PASSED
>   Variable-base scalar multiplication tests ............................................... PASSED
>   Fixed-base scalar multiplication tests .................................................. PASSED
>   Double-scalar multiplication tests ...................................................... PASSED
>
>
> BENCHMARKING
> --------------------------------------------------------------------------------------------------------
>
> Curve arithmetic: Weierstrass a=-3 over GF(2^256-189)
>
>   Point doubling runs in ..........................................      692 cycles
>   (Complete) point addition runs in ...............................     1800 cycles
>   Variable-base scalar mul runs in ................................   283459 cycles
>   Fixed-base scalar mul (memory model=MEM_LARGE) runs in ..........   110170 cycles
>   Double-base scalar mul (memory model=MEM_LARGE) runs in .........   308682 cycles
>
> --------------------------------------------------------------------------------------------------------
>
> Curve arithmetic: twisted Edwards a=-1 over GF(2^256-189)
>
>   Point doubling runs in ..........................................      561 cycles
>   (Complete) point addition runs in ...............................      937 cycles
>   Variable-base scalar mul runs in ................................   229518 cycles
>   Fixed-base scalar mul (memory model=MEM_LARGE) runs in ..........    84654 cycles
>   Double-base scalar mul (memory model=MEM_LARGE) runs in .........   242049 cycles

More information about the Curves mailing list