Re: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks vs ... on Haswell
Brian Smith <brian@briansmith.org> Sat, 03 January 2015 19:54 UTC
Return-Path: <brian@briansmith.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A7E01A0040 for <cfrg@ietfa.amsl.com>; Sat, 3 Jan 2015 11:54:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.979
X-Spam-Level:
X-Spam-Status: No, score=-1.979 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dF5xAw6b_9jZ for <cfrg@ietfa.amsl.com>; Sat, 3 Jan 2015 11:54:11 -0800 (PST)
Received: from mail-oi0-f46.google.com (mail-oi0-f46.google.com [209.85.218.46]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E9AF1A0037 for <cfrg@irtf.org>; Sat, 3 Jan 2015 11:54:11 -0800 (PST)
Received: by mail-oi0-f46.google.com with SMTP id a3so12911355oib.5 for <cfrg@irtf.org>; Sat, 03 Jan 2015 11:54:10 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=dp2TTeecGt4cNkXknw7cyimo6thTlIRj7zIAln7mrSQ=; b=DJ0GkUvYoFoHE0Fmh0nokQic/cm2Z7BcBrWGD2avZw6oqe2nIwkJ7W4jnffNT/o8L2 ZVKY5CbKwbqX9bpxUn5dv4ykui4IQv5jSYtxf+B+u3lV6/GMRxjNo0jcu+KPnjVLr3th ByUMWazWsg71SpDTS9X42OjiCqopYS4uC6CibVgeVb633Rgi7IKY1Ue6ces5vMOOXXSO 3po6mN4CK1c1P8Z30m1MKf4i3iU87tthRHkN2pDyMIzdtRPtzfYZKDUOu6/+QIr6e8Hm a2saAHTIRitae0giNzggmS3QnBvnKEfguIZwdX97EcwmHr99+JofhSyGG/RIo1De0txT IddA==
X-Gm-Message-State: ALoCoQlWHxPxNY5+KchedQU1uysXmNrAuOWo/adbNWW7yOfXv1ymFxEOWbFyjm22hYqO0gR2Q4dX
MIME-Version: 1.0
X-Received: by 10.60.52.101 with SMTP id s5mr21038357oeo.33.1420314850453; Sat, 03 Jan 2015 11:54:10 -0800 (PST)
Received: by 10.76.71.228 with HTTP; Sat, 3 Jan 2015 11:54:10 -0800 (PST)
In-Reply-To: <D0CA0568.3B27A%kenny.paterson@rhul.ac.uk>
References: <54A1E049.9000404@shiftleft.org> <D0CA0568.3B27A%kenny.paterson@rhul.ac.uk>
Date: Sat, 03 Jan 2015 11:54:10 -0800
Message-ID: <CAFewVt53366Axg-WZVGtVsTvipeHrCjtNBGcdmgR58CZwz47rg@mail.gmail.com>
From: Brian Smith <brian@briansmith.org>
To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/erIFPxLgG4Ucdh5O2hrVrbszNPs
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks vs ... on Haswell
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Jan 2015 19:54:12 -0000
Paterson, Kenny <Kenny.Paterson@rhul.ac.uk> wrote: > My take-away from your work is that there's no strong reason (in > performance terms) to prefer P389 over P384-mers or vice-versa - the 8-9% > difference is there, yes, but could easily disappear or increase with > further optimisations on either side. > > Does that seem fair to you? Please feel free to give an alternative > interpretation if you like. FWIW, I don't think it's fair to assume that P384-mers 8-9% performance disadvantage can be optimized away, especially when the thing that's 9% faster is also slightly stronger, when there are two significantly stronger curves (P448 and P480) with the same measured performance, and when there was significant effort (AFAICT) already spent optimizing it. In fact, I think it would be safer to assume that none of these curves can be optimized further, if speculation about such things is a factor in the decision making. Cheers, Brian
- [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks vs ..… Mike Hamburg
- Re: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks v… Paterson, Kenny
- Re: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks v… Watson Ladd
- Re: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks v… Michael Hamburg
- Re: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks v… Paterson, Kenny
- Re: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks v… Paterson, Kenny
- Re: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks v… Brian Smith
- Re: [Cfrg] Benchmarks: 384 vs 389 vs Goldilocks v… Tony Arcieri