Sandy2X: new curve25519 speed records

T. Chou

doi:10.1007/978-3-319-31301-6_8

Sandy2X: new curve25519 speed records

T. Chou

Discrete Mathematics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

20 Citations (Scopus)

Abstract

This paper sets speed records on well-known Intel chips for the Curve25519 elliptic-curve Diffie-Hellman scheme and the Ed25519 digital signature scheme. In particular, it takes only 159 128 Sandy Bridge cycles or 156 995 Ivy Bridge cycles to compute a Diffie-Hellman shared secret, while the previous records are 194 036 Sandy Bridge cycles or 182 708 Ivy Bridge cycles. There have been many papers analyzing elliptic-curve speeds on Intel chips, and they all use Intel’s serial 64×64 → 128-bit multiplier for field arithmetic. These papers have ignored the 2-way vectorized 32 × 32 → 64-bit multiplier on Sandy Bridge and Ivy Bridge: it seems obvious that the serial multiplier is faster. However, this paper uses the vectorized multiplier. This is the first speed record set for elliptic-curve cryptography using a vectorized multiplier on Sandy Bridge and Ivy Bridge. Our work suggests that the vectorized multiplier might be a better choice for elliptic-curve computation, or even other types ofcomputation that involve prime-field arithmetic, even in the case where the computation does not exhibit very nice internal parallelism.

Original language	English
Title of host publication	Selected Areas in Cryptography – SAC 2015
Subtitle of host publication	22nd International Conference, Sackville, NB, Canada, August 12–14, 2015, Revised Selected Papers
Place of Publication	Dordrecht
Publisher	Springer
Pages	145-160
Number of pages	16
ISBN (Electronic)	978-3-319-31301-6
ISBN (Print)	978-3-319-31300-9
DOIs	https://doi.org/10.1007/978-3-319-31301-6_8
Publication status	Published - 2016
Event	22nd International Conference on Selected Areas in Cryptography (SAC 2015) - Sackville, Canada Duration: 12 Aug 2015 → 14 Aug 2015 Conference number: 22

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9566
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	22nd International Conference on Selected Areas in Cryptography (SAC 2015)
Abbreviated title	SAC 2015
Country/Territory	Canada
City	Sackville
Period	12/08/15 → 14/08/15

Keywords

Constant time
Curve25519
Diffie-Hellman
Ed25519
Elliptic curves
Signatures
Speed
Vectorization

Access to Document

10.1007/978-3-319-31301-6_8

Cite this

Chou, T. (2016). Sandy2X: new curve25519 speed records. In Selected Areas in Cryptography – SAC 2015: 22nd International Conference, Sackville, NB, Canada, August 12–14, 2015, Revised Selected Papers (pp. 145-160). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9566). Springer. https://doi.org/10.1007/978-3-319-31301-6_8

Chou, T. / Sandy2X : new curve25519 speed records. Selected Areas in Cryptography – SAC 2015: 22nd International Conference, Sackville, NB, Canada, August 12–14, 2015, Revised Selected Papers. Dordrecht : Springer, 2016. pp. 145-160 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{bac7f87e07b1459990a20cc74b6f9356,

title = "Sandy2X: new curve25519 speed records",

abstract = "This paper sets speed records on well-known Intel chips for the Curve25519 elliptic-curve Diffie-Hellman scheme and the Ed25519 digital signature scheme. In particular, it takes only 159 128 Sandy Bridge cycles or 156 995 Ivy Bridge cycles to compute a Diffie-Hellman shared secret, while the previous records are 194 036 Sandy Bridge cycles or 182 708 Ivy Bridge cycles. There have been many papers analyzing elliptic-curve speeds on Intel chips, and they all use Intel{\textquoteright}s serial 64×64 → 128-bit multiplier for field arithmetic. These papers have ignored the 2-way vectorized 32 × 32 → 64-bit multiplier on Sandy Bridge and Ivy Bridge: it seems obvious that the serial multiplier is faster. However, this paper uses the vectorized multiplier. This is the first speed record set for elliptic-curve cryptography using a vectorized multiplier on Sandy Bridge and Ivy Bridge. Our work suggests that the vectorized multiplier might be a better choice for elliptic-curve computation, or even other types ofcomputation that involve prime-field arithmetic, even in the case where the computation does not exhibit very nice internal parallelism.",

keywords = "Constant time, Curve25519, Diffie-Hellman, Ed25519, Elliptic curves, Signatures, Speed, Vectorization",

author = "T. Chou",

year = "2016",

doi = "10.1007/978-3-319-31301-6_8",

language = "English",

isbn = "978-3-319-31300-9",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "145--160",

booktitle = "Selected Areas in Cryptography – SAC 2015",

address = "Germany",

note = "22nd International Conference on Selected Areas in Cryptography (SAC 2015), SAC 2015 ; Conference date: 12-08-2015 Through 14-08-2015",

}

Chou, T 2016, Sandy2X: new curve25519 speed records. in Selected Areas in Cryptography – SAC 2015: 22nd International Conference, Sackville, NB, Canada, August 12–14, 2015, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9566, Springer, Dordrecht, pp. 145-160, 22nd International Conference on Selected Areas in Cryptography (SAC 2015), Sackville, New Brunswick, Canada, 12/08/15. https://doi.org/10.1007/978-3-319-31301-6_8

Sandy2X: new curve25519 speed records. / Chou, T.
Selected Areas in Cryptography – SAC 2015: 22nd International Conference, Sackville, NB, Canada, August 12–14, 2015, Revised Selected Papers. Dordrecht: Springer, 2016. p. 145-160 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9566).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Sandy2X

T2 - 22nd International Conference on Selected Areas in Cryptography (SAC 2015)

AU - Chou, T.

N1 - Conference code: 22

PY - 2016

Y1 - 2016

N2 - This paper sets speed records on well-known Intel chips for the Curve25519 elliptic-curve Diffie-Hellman scheme and the Ed25519 digital signature scheme. In particular, it takes only 159 128 Sandy Bridge cycles or 156 995 Ivy Bridge cycles to compute a Diffie-Hellman shared secret, while the previous records are 194 036 Sandy Bridge cycles or 182 708 Ivy Bridge cycles. There have been many papers analyzing elliptic-curve speeds on Intel chips, and they all use Intel’s serial 64×64 → 128-bit multiplier for field arithmetic. These papers have ignored the 2-way vectorized 32 × 32 → 64-bit multiplier on Sandy Bridge and Ivy Bridge: it seems obvious that the serial multiplier is faster. However, this paper uses the vectorized multiplier. This is the first speed record set for elliptic-curve cryptography using a vectorized multiplier on Sandy Bridge and Ivy Bridge. Our work suggests that the vectorized multiplier might be a better choice for elliptic-curve computation, or even other types ofcomputation that involve prime-field arithmetic, even in the case where the computation does not exhibit very nice internal parallelism.

AB - This paper sets speed records on well-known Intel chips for the Curve25519 elliptic-curve Diffie-Hellman scheme and the Ed25519 digital signature scheme. In particular, it takes only 159 128 Sandy Bridge cycles or 156 995 Ivy Bridge cycles to compute a Diffie-Hellman shared secret, while the previous records are 194 036 Sandy Bridge cycles or 182 708 Ivy Bridge cycles. There have been many papers analyzing elliptic-curve speeds on Intel chips, and they all use Intel’s serial 64×64 → 128-bit multiplier for field arithmetic. These papers have ignored the 2-way vectorized 32 × 32 → 64-bit multiplier on Sandy Bridge and Ivy Bridge: it seems obvious that the serial multiplier is faster. However, this paper uses the vectorized multiplier. This is the first speed record set for elliptic-curve cryptography using a vectorized multiplier on Sandy Bridge and Ivy Bridge. Our work suggests that the vectorized multiplier might be a better choice for elliptic-curve computation, or even other types ofcomputation that involve prime-field arithmetic, even in the case where the computation does not exhibit very nice internal parallelism.

KW - Constant time

KW - Curve25519

KW - Diffie-Hellman

KW - Ed25519

KW - Elliptic curves

KW - Signatures

KW - Speed

KW - Vectorization

UR - http://www.scopus.com/inward/record.url?scp=84961590040&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-31301-6_8

DO - 10.1007/978-3-319-31301-6_8

M3 - Conference contribution

AN - SCOPUS:84961590040

SN - 978-3-319-31300-9

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 145

EP - 160

BT - Selected Areas in Cryptography – SAC 2015

PB - Springer

CY - Dordrecht

Y2 - 12 August 2015 through 14 August 2015

ER -

Chou T. Sandy2X: new curve25519 speed records. In Selected Areas in Cryptography – SAC 2015: 22nd International Conference, Sackville, NB, Canada, August 12–14, 2015, Revised Selected Papers. Dordrecht: Springer. 2016. p. 145-160. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-31301-6_8

Sandy2X: new curve25519 speed records

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this