[curves] E-521
Trevor Perrin
trevp at trevp.net
Thu Oct 23 10:05:06 PDT 2014
On Thu, Oct 23, 2014 at 5:04 AM, Samuel Neves <sneves at dei.uc.pt> wrote:
>
> The Haswell cycle counts mentioned in the paper do not take Turbo Boost into account, and therefore are lower than the
> real number; taking into account that the Core i7 4770 chip was used (3.4 to 3.9 GHz overclocking), the Haswell cycle
> count should be ~893000. I have been able to get this slightly down to ~884000.
>
> On Sandy Bridge, I get somewhat better timings than reported by DJB: ~1030000 cycles.
Thanks!, updated [1].
By that scoring, Mike's Goldilocks implementation retains the
"relative efficiency" crown. But the E-521 numbers are without ASM
optimization. And their 9 limbs / 58-bit radix seems impressive
(Goldlilocks uses 8 limbs / 56-bit radix).
So this seems pretty close, I wonder what a better-optimized 521 could do...
Trevor
[1] https://docs.google.com/a/trevp.net/spreadsheet/ccc?key=0Aiexaz_YjIpddFJuWlNZaDBvVTRFSjVYZDdjakxoRkE&usp=sharing#gid=0
More information about the Curves
mailing list