Re: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks vs ... on Haswell
"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Sat, 03 January 2015 14:42 UTC
Return-Path: <Kenny.Paterson@rhul.ac.uk>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9CFB1A8A20 for <cfrg@ietfa.amsl.com>; Sat, 3 Jan 2015 06:42:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.798
X-Spam-Level:
X-Spam-Status: No, score=0.798 tagged_above=-999 required=5 tests=[BAYES_50=0.8, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l4cuKW_M9rSF for <cfrg@ietfa.amsl.com>; Sat, 3 Jan 2015 06:42:34 -0800 (PST)
Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0693.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::693]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD18F1A8A05 for <cfrg@irtf.org>; Sat, 3 Jan 2015 06:42:33 -0800 (PST)
Received: from DBXPR03MB383.eurprd03.prod.outlook.com (10.141.10.15) by DBXPR03MB384.eurprd03.prod.outlook.com (10.141.10.20) with Microsoft SMTP Server (TLS) id 15.1.49.12; Sat, 3 Jan 2015 14:40:22 +0000
Received: from DBXPR03MB383.eurprd03.prod.outlook.com ([10.141.10.15]) by DBXPR03MB383.eurprd03.prod.outlook.com ([10.141.10.15]) with mapi id 15.01.0049.002; Sat, 3 Jan 2015 14:40:22 +0000
From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Michael Hamburg <mike@shiftleft.org>
Thread-Topic: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks vs ... on Haswell
Thread-Index: AQHQI701KGpxET6GdkKNiBIGv4KjYZyqIa6AgAAmO4CABDb+gA==
Date: Sat, 03 Jan 2015 14:40:22 +0000
Message-ID: <D0CDABF2.3B5E5%kenny.paterson@rhul.ac.uk>
References: <54A1E049.9000404@shiftleft.org> <D0CA0568.3B27A%kenny.paterson@rhul.ac.uk> <8B06C2AB-A4D3-4ADD-898A-135C06497458@shiftleft.org>
In-Reply-To: <8B06C2AB-A4D3-4ADD-898A-135C06497458@shiftleft.org>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.7.141117
x-originating-ip: [78.146.61.145]
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Kenny.Paterson@rhul.ac.uk;
x-dmarcaction: None
x-microsoft-antispam: BCL:0;PCL:0;RULEID:(3005003);SRVR:DBXPR03MB384;
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:;SRVR:DBXPR03MB384;
x-forefront-prvs: 0445A82F82
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(199003)(189002)(51704005)(479174004)(97736003)(46102003)(101416001)(4396001)(20776003)(64706001)(92566001)(86362001)(66066001)(107046002)(561944003)(19580395003)(21056001)(105586002)(15975445007)(87936001)(31966008)(76176999)(83506001)(77156002)(120916001)(62966003)(106116001)(102836002)(2950100001)(50986999)(40100003)(19580405001)(77096005)(74482002)(106356001)(68736005)(36756003)(99396003)(54356999)(2900100001)(2656002)(122556002)(110136001); DIR:OUT; SFP:1101; SCL:1; SRVR:DBXPR03MB384; H:DBXPR03MB383.eurprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: rhul.ac.uk does not designate permitted sender hosts)
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <40F3971526C6F549AC3872C4FB14BA2D@eurprd03.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: rhul.ac.uk
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Jan 2015 14:40:22.0201 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2efd699a-1922-4e69-b601-108008d28a2e
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBXPR03MB384
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/NC0-dq-Wu21A6jXG8rIoee0vQeo
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks vs ... on Haswell
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Jan 2015 14:42:37 -0000
Hi Mike, On 31/12/2014 22:18, "Michael Hamburg" <mike@shiftleft.org> wrote: >I¹m still a little bit perplexed about why you asked me to do this >exercise. The argument at the WF128 level seems to be about the existing >trust and deployment of Curve25519 compared to a ³rigidly-generated² >ed-256-mers. At the WF192 and WF256 levels, there are no widely deployed >³safe" curves, and it is between this same notion of ³rigidity² vs more >³efficient² curves such as Curve41417, Ed448-Goldilocks and E-521. >[Scarequoted because it¹s MSR's definition of rigidity, DJB and Tanja¹s >safety criteria, and Trevor¹s and my efficiency metric.] I asked because Watson had explicitly said that the 384-bit MGN prime would be slower than others at WF192. I wanted to find out whether that was really the case or not, with hard numbers: https://www.ietf.org/mail-archive/web/cfrg/current/msg05691.html >Is the introduction of another efficient curve near WF192 suggested to >sway the rigidity camp¹s opinion about any of these proposals? >Especially with people so sick of the endless arguments that they¹re >cutting backroom deals? The MGN proposal (draft-black) includes a specific curve at WF192, and I simply wanted to understand its relative performance. If it was hopelessly slow, then this would reasonably be interpreted as a negative point for the specific curve and the MGN proposal in general (since it seems to be an "take it or leave it" proposal, though I'd better let the proposers of it speak to that detail). If the curve was competitive, then it could be seen as a positive, and maybe some more people would become more amenable to the proposal. As usual, I am trying to find a way forward here that most people can live with. Not sure if this answers your question or not... > >If you think data has a chance of moving things forward, I suggest that >benchmarks of the Microsoft curves¹ (or at least primes¹) performance on >ARM scalar/NEON would be more informative, because they¹d help determine >whether the efficiency camp¹s curves are broadly more efficient and by >how much. I think hard data can only help, but I don't expect you to do the work here! Cheers Kenny
- [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks vs ..… Mike Hamburg
- Re: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks v… Paterson, Kenny
- Re: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks v… Watson Ladd
- Re: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks v… Michael Hamburg
- Re: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks v… Paterson, Kenny
- Re: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks v… Paterson, Kenny
- Re: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks v… Brian Smith
- Re: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks v… Tony Arcieri