
Re: [tor-dev] New paper by Goldberg, Stebila, and Ustaoglu with proposed circuit handshake



On Thu, May 12, 2011 at 7:13 AM, Ian Goldberg <iang@xxxxxxxxxxxxxxx> wrote:
> Nick, were you planning on using djb's qhasm code, or the C version
> (curve25519-donna)? (A quick look at the latter suggests it's doing
> left-to-right, so some changes would still be required, but not evil
> assembly ones.

donna is much faster than the reference implementation on 64-bit, but
much slower at 32-bit. The reference implementation was, indeed,
derived from a qhasm source, although I don't have it. (donna was only
intended to work on 64-bit systems; the 32-bit version is just for
completeness.)

Since both use Montgomery's trick for operating in the group, it's not
clear that either is amenable to implementing simultaneous
exponentiation. However, curve25519 is generally sufficiently fast
that calling it twice is still faster than a simultaneous
exponentiation on other curves:
http://www.imperialviolet.org/2010/12/21/eccspeed.html


Cheers

AGL

-- 
Adam Langley agl@xxxxxxxxxxxxxxxxxx http://www.imperialviolet.org
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
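The Montgomery ladder mentioned in the message above, as an added example that is not part of the original post and is not code from curve25519-donna or the reference implementation. It follows the RFC 7748 ladder formulas; the names `clamp`, `ladder` and `two_exponentiations` and the sample scalars are assumptions made for illustration. The differential-addition step only works because the x-coordinate of the difference of the two running points is known, which is why a combined aQ1 + bQ2 does not drop out of the ladder and two separate runs are used instead.

```python
# Added illustration: x-only Montgomery ladder on Curve25519 (formulas as in RFC 7748).
# Python integers are not constant-time; this shows structure, not a deployable primitive.
P = 2**255 - 19
A24 = 121665  # (486662 - 2) / 4, from the curve coefficient A = 486662

def clamp(k: bytes) -> int:
    """Standard Curve25519 scalar clamping of a 32-byte little-endian string."""
    b = bytearray(k)
    b[0] &= 248
    b[31] = (b[31] & 127) | 64
    return int.from_bytes(b, "little")

def ladder(k: int, u: int) -> int:
    """Return x(k*Q) given only u = x(Q)."""
    x1 = u % P
    x2, z2, x3, z3 = 1, 0, x1, 1   # R0 = infinity, R1 = Q; invariant R1 - R0 = Q
    swap = 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        # Differential addition: only valid because x1 = x(R1 - R0) is known.
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P   # doubling of R0
    if swap:
        x2, z2 = x3, z3
    return x2 * pow(z2, P - 2, P) % P

def two_exponentiations(k: int, u1: int, u2: int):
    """k*Q1 and k*Q2 as two independent ladder runs ("calling it twice")."""
    return ladder(k, u1), ladder(k, u2)

# Constructed sample scalars (not from the thread).
ALICE = clamp(bytes(range(32)))
BOB = clamp(bytes(range(32, 64)))
```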