[Cryptography] Microsoft's new, free, crypto library dubbed FourQ
Rob S.
rob.schneier1 at gmail.com
Sat Sep 19 14:38:02 EDT 2015
Tony Arcieri's post is full of misconceptions and mistakes.
First off, efficient scalar multiplications on the Kummer surface and the
fast Kummer surface defined over GF(2^127-1) used by several recent
implementations are due to Gaudry and Gaudry-Schost, respectively, not
to "djb and friends".
Most of the recent Kummer implementations (see
http://eprint.iacr.org/2012/670.pdf and
http://eprint.iacr.org/2014/134.pdf) are fully optimized in assembly.
Still, I see that FourQ is significantly faster when looking at different
64-bit processors (check out Table 5 in the FourQ paper,
http://eprint.iacr.org/2015/565.pdf). If one looks across different CPUs
(not only one CPU in particular), FourQ is also shown to be up to 5 times
faster than the NIST curve P-256 and close to 3 times faster than
Curve25519. This is remarkable.
I would like to see results on ARM though, but results so far are very
promising.