Re: [Cfrg] Timing of libsodium, curve25519-donna, MSR ECCLib, and openssl-master

Andrey Jivsov <crypto@brainhub.org> Thu, 04 September 2014 01:33 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/icCcI7kNiy7Oz2yQnMBWjFAo0WI

A recent contribution from Intel to openssl, not yet a part of openssl, 
implements NIST P-256 EC crypto with the AVX2 instruction set.

This code on my Haswell CPU shows that X25519 is 40% faster than P-256. 
This is a data point to consider regarding how close two optimized 
implementations can be on the same CPU depending on their choice of the 
target instruction set.


[andrey@M93p curve25519-donna]$ ./speed-curve25519-donna-c64
66 us, 15148.2 op/s

vs.

[andrey@M93p openssl-master]$ apps/openssl speed ecdhp256
                               op      op/s
  256 bit ecdh (nistp256)   0.0001s  10810.6

15148.2/10810.6 = 1.40

The above is with no hyperthreading, no speedstep
model name	: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
cpu MHz		: 3400.000

Restoring hyperthreading, speedstep, i.e. returning to the normal 
configuration of a desktop system, maintains the ratio:

17384.8/12348.9=1.40