Paper 2015/943

Sandy2x: New Curve25519 Speed Records

Tung Chou

Abstract

This paper sets speed records on well-known Intel chips for the Curve25519 elliptic-curve Diffie-Hellman scheme and the Ed25519 digital signature scheme. In particular, it takesonly 159 128 Sandy Bridge cycles or 156 995 Ivy Bridge cycles to compute a Diffie-Hellman shared secret, while the previous records are 194 036 Sandy Bridge cycles or 182 708 Ivy Bridge cycles. There have been many papers analyzing elliptic-curve speeds on Intel chips, and they all use Intel’s serial 64 x 64 -> 128-bit multiplier for field arithmetic. These papers have ignored the 2-way vectorized 32 x 32 -> 64-bit multiplier on Sandy Bridge and Ivy Bridge: it seems obvious that the serial multiplier is faster. However, this paper uses the vectorized multiplier. This is the first speed record set for elliptic-curve cryptography using a vectorized multiplier on Sandy Bridge and Ivy Bridge. Our work suggests that the vectorized multiplier might be a better choice for elliptic-curve computation, or even other types of computation that involve prime-field arithmetic, even in the case where the computation does not exhibit very nice internal parallelism.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
Elliptic curvesDiffie-Hellmansignaturesspeedconstant timeCurve25519Ed25519vectorization
Contact author(s)
blueprint @ crypto tw
History
2015-09-30: revised
2015-09-28: received
See all versions
Short URL
https://ia.cr/2015/943
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/943,
      author = {Tung Chou},
      title = {Sandy2x: New Curve25519 Speed Records},
      howpublished = {Cryptology ePrint Archive, Paper 2015/943},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/943}},
      url = {https://eprint.iacr.org/2015/943}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.