RFR: 8069539: RSA acceleration
Vladimir Kozlov
vladimir.kozlov at oracle.com
Tue Apr 14 17:58:07 UTC 2015
Thank you, Andrew, for suggestions.
Vladimir
On 4/14/15 10:41 AM, Andrew Haley wrote:
> On 04/14/2015 06:22 PM, Vladimir Kozlov wrote:
>
>> We are discussing how and which checks to add into java code which
>> calls intrinsified methods to keep intrinsic simple.
>
> Yes, good idea. While you're in there, there's a couple of thoughts I'd
> like to draw your attention to.
>
> Montgomery multiplication and squaring are implemented as separate
> steps, like so:
>
> a = multiplyToLen(t, modLen, mult, modLen, a);
> a = montReduce(a, mod, modLen, inv);
>
> a = squareToLen(t, modLen, a);
> a = montReduce(a, mod, modLen, inv);
>
> It is possible to interleave the multiplication and Montgomery
> reduction, and this can lead to a useful speedup on some
> architectures. It would be nice if Montgomery multiplication and
> squaring were factored into separate methods, and then they could be
> replaced by intrinsics.
>
> Also, all these word-reversal and misaligned long stores / loads in
> the multiplyToLen intrinsic code are a real PITA. If we word-reversed
> the arrays so that they were in little-endian form we'd have neither
> misaligned long stores / loads nor repeated word-reversals. We could
> do the word reversal on the stack: AFAICS it's unusual for
> multiplyToLen to be called for huge bignums, and I suppose if it did
> happen for a bignum larger than some threshold we could do the word
> reversal on the heap.
>
> Andrew.
>
More information about the hotspot-dev
mailing list