[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec
Subject: Re: [IPsec] P-256 speed
From: Yoav Nir <ynir.ietf () gmail ! com>
Date: 2015-07-25 14:10:23
Message-ID: 699D4CBB-8302-43E8-AD0D-A47A80A5066B () gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Is this code available anywhere? If not, it makes it hard to reproduce their results.
It's too bad they don't submit this to bench.cr.yp.to so we could have an \
apples-to-apples comparison with other implementations.
Yoav
> On Jul 21, 2015, at 11:57 AM, Stephen Kent <kent@bbn.com> wrote:
>
> I checked with the NIST folks and their contractor. The answer is that their sign
> operations are constant time. The attached paper describes their work in the
> context of BGPsec, because that was the motivation at NIST for exploring \
> performance improvements for P-256. There is one table (3) that also compares P-256 \
> code to 25591 in terms of signature performance. I realize that we were discussing \
> ECDH, not ECDSA, for IKE(v2) but I believe the performance numbers cited in this \
> paper are indicative of what one would see in that context as well.
>
> Steve
> <Efficient and Secure ECC Implementation of Curve P-256 \
> vf.pdf>_______________________________________________ IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
[Attachment #5 (unknown)]
<html><head><meta http-equiv="Content-Type" content="text/html \
charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; \
-webkit-line-break: after-white-space;" class="">Is this code available anywhere? If \
not, it makes it hard to reproduce their results.<div class=""><br \
class=""></div><div class="">It's too bad they don't submit this to bench.cr.yp.to so \
we could have an apples-to-apples comparison with other implementations.</div><div \
class=""><br class=""></div><div class="">Yoav</div><div class=""><br \
class=""><div><blockquote type="cite" class=""><div class="">On Jul 21, 2015, at \
11:57 AM, Stephen Kent <<a href="mailto:kent@bbn.com" \
class="">kent@bbn.com</a>> wrote:</div><br class="Apple-interchange-newline"><div \
class="">
<meta http-equiv="content-type" content="text/html; charset=utf-8" class="">
<div bgcolor="#FFFFFF" text="#000000" class="">
I checked with the NIST folks and their contractor. The answer is
that their sign<br class="">
operations <u class="">are</u> constant time. The attached paper describes
their work in the<br class="">
context of BGPsec, because that was the motivation at NIST for
exploring performance<br class="">
improvements for P-256. There is one table (3) that also compares
P-256 code to 25591 <br class="">
in terms of signature performance. I realize that we were discussing
ECDH, not ECDSA,<br class="">
for IKE(v2) but I believe the performance numbers cited in this
paper are indicative <br class="">
of what one would see in that context as well.<br class="">
<br class="">
Steve<br class="">
</div>
<span id="cid:A4C96DDE-697C-4E84-A856-1D4FB8415036"><Efficient and Secure ECC \
Implementation of Curve P-256 \
vf.pdf></span>_______________________________________________<br \
class="">IPsec mailing list<br class=""><a href="mailto:IPsec@ietf.org" \
class="">IPsec@ietf.org</a><br \
class="">https://www.ietf.org/mailman/listinfo/ipsec<br \
class=""></div></blockquote></div><br class=""></div></body></html>
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic