[curves] FourQ
Trevor Perrin
trevp at trevp.net
Fri Sep 18 18:05:59 PDT 2015
On 9/18/15 6:15 AM, D. J. Bernstein wrote:
> Trevor Perrin writes:
>> - FourQ is a little faster (~10%) than 25519 without endomorphisms
>
> Maybe, but for such small differences one has to look very carefully at
> what exactly is being measured (e.g., is point validation included? what
> exactly are the assumptions on the input and output?) and of course also
> the quantitative security level (2^122.5 vs. 2^125.8---one expects this
> to have a close-to-cubic effect).
On the other hand, 25519 has received more optimization over the years,
and Tung Chou's implementation uses more assembly than FourQLib [1,2].
Considering this, MSR's overall estimate of 2-3x speedup (with
endomorphisms) for variable-base ops vs 25519 seems reasonable, even
though the speedup wrt Tung on SB/IB is only 2.1 - 2.2.
I guess we'll get more information over time.
Trevor
[1] https://sites.google.com/a/crypto.tw/blueprint/
[2] http://research.microsoft.com/en-us/projects/fourqlib/
More information about the Curves
mailing list