[tor-dev] New paper by Goldberg, Stebila, and Ustaoglu with proposed circuit handshake
Adam Langley
agl at imperialviolet.org
Thu May 12 12:56:39 UTC 2011
On Thu, May 12, 2011 at 7:13 AM, Ian Goldberg <iang at cs.uwaterloo.ca> wrote:
> Nick, were you planning on using djb's qhasm code, or the C version
> (curve25519-donna)? (A quick look at the latter suggests it's doing
> left-to-right, so some changes would still be required, but not evil
> assembly ones.
donna is much faster than the reference implementation on 64-bit, but
much slower at 32-bit. The reference implementation was, indeed,
derived from a qhasm source, although I don't have it. (donna was only
intended to work on 64-bit systems; the 32-bit version is just for
completeness.)
Since both use Montgomery's trick for operating in the group, it's not
clear that either is amenable to implementing simultaneous
exponentiation. However, curve25519 is generally sufficiently fast
that calling it twice is still faster than a simultaneous
exponentiation on other curves:
http://www.imperialviolet.org/2010/12/21/eccspeed.html
Cheers
AGL
--
Adam Langley agl at imperialviolet.org http://www.imperialviolet.org