[Cryptography] Microsoft's new, free, crypto library dubbed FourQ

Rob Schneier rob.schneier1 at gmail.com
Fri Oct 2 18:35:08 EDT 2015 

--- Apologies for the late reply. Coming back from vacation.

I can see that you like dodging and avoid acknowledging your mistakes. But
let me keep readers well informed:

You originally said: "djb and friends' Kummer curve is ..."
I clarified that you were wrong and that "efficient scalar multiplications
on the Kummer surface and the fast Kummer surface defined over GF(2^127-1)
used by several recent implementations are due to Gaudry and Gaudry-Schost,
respectively, not to "djb and friends"."
What you responded back: nothing.

You originally said: "(Kummer) hasn't been assembly optimized yet."
I clarified that your statement was false and that "most of the recent
Kummer implementations (see http://eprint.iacr.org/2012/670.pdf and
http://eprint.iacr.org/2014/134.pdf) are fully optimized in assembly."

What you responded back: "Cool claim, it's both vague and not true in
places where it really matters."
Sorry for speaking with facts: the papers that I cited report results "on
an Intel Core i7-3520M (Ivy Bridge) processor" in the case of [1] and on
Sandy Bridge, Ivy Bridge and Haswell in the case of [2] ([2] also reports
results on ARM Cortex-A8). *ALL* the implementations excepting the one for
Haswell *ARE* assembly optimized (checking this takes no effort, just check
out SUPERCOP or the papers). Haswell is important but it is not the only
processor family that matters in the world.

You said: "I guess your point is why should we care about Haswell? Well, I
certainly care about Haswell and its progeny even if you don't...".

Huh? Please, do not fabricate arguments just because you don't know about
this topic.

You said: well, quotes and opinions from djb.

If I want to read others' opinions I just do it. Sorry but I expect people
to use their own opinions and ideas when posting, instead of just
copy-and-pasting opinions from others.

Sincerely,
Rob Schneier

[1] J. W. Bos, C. Costello, H. Hisil and K. Lauter, "Fast Cryptography in
Genus 2".
http://eprint.iacr.org/2012/670.pdf

[2] D. J. Bernstein, C. Chuengsatiansup, T. Lange and P. Schwabe, "Kummer
strikes back: new DH speed records".
http://eprint.iacr.org/2014/134.pdf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151002/7ec3a18e/attachment.html>

More information about the cryptography mailing list