RFR: 8294731: Improve multiplicative inverse for secp256r1 implementation [v2]

Ferenc Rakoczi duke at openjdk.org
Fri Oct 7 15:48:22 UTC 2022

On Fri, 7 Oct 2022 15:37:24 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:

>>> It seems to me the scalar multiplication enhancement should be done first, or maybe integrated with this fix. Do you have a bug number for the scalar multiplication enhancement?
>> I did not file the scalar multiplication enhancement in JBS yet. There are a few places that could be improved for the EC performance. However, the update is big if having them all in one PR. In order to simplify the code review and implementation, I would like to break it down into small enhancements. I filed an [umbrella RFE](https://bugs.openjdk.org/browse/JDK-8294188) for the performance improvement in EC. The goal is to make the common EC crypto operations (key generation/exchange/signature) 3+ times faster, and make the TLS connections 20%+ faster.
>> I may have to wait for a few more weeks so that I can come up with the scalar multiplication pull request.
> @XueleiFan tests are failing after the last commit; see `sun/security/ec/TestEC.java` for example.
> @ferakocz BigInteger math is not constant-time, which is why it can't be used here.

@djelinski for this purpose, it doesn't matter if the exponentiation is not constant time, as its running time only depends on the value of the exponent, which is a known (public) value.


PR: https://git.openjdk.org/jdk/pull/10544
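
The two points raised in this exchange, as an added example that is not code from the PR or from either participant: a square-and-multiply inversion whose operation sequence is fixed by the public exponent, built on `BigInteger` arithmetic. It assumes the inverse is computed as a^(p-2) mod p over the secp256r1 field prime; the class name `FermatInverseDemo` and the sample inputs are constructed for illustration.

```java
import java.math.BigInteger;

public class FermatInverseDemo {
    // secp256r1 field prime p = 2^256 - 2^224 + 2^192 + 2^96 - 1 (public curve parameter)
    static final BigInteger P = new BigInteger(
        "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16);
    // Public exponent p - 2 (assumption: inversion via Fermat's little theorem)
    static final BigInteger E = P.subtract(BigInteger.TWO);

    // Left-to-right square-and-multiply. 'trace' records S (square) and M (multiply)
    // so the operation sequence can be compared across inputs.
    static BigInteger inverse(BigInteger a, StringBuilder trace) {
        BigInteger r = BigInteger.ONE;
        for (int i = E.bitLength() - 1; i >= 0; i--) {
            r = r.multiply(r).mod(P);
            trace.append('S');
            if (E.testBit(i)) {          // branches only on a bit of the public exponent
                r = r.multiply(a).mod(P);
                trace.append('M');
            }
        }
        return r;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: small, mid-sized and near-p values
        BigInteger[] samples = {
            BigInteger.TWO,
            new BigInteger("123456789abcdef", 16),
            P.subtract(BigInteger.ONE)
        };
        String firstTrace = null;
        for (BigInteger a : samples) {
            StringBuilder trace = new StringBuilder();
            BigInteger inv = inverse(a, trace);
            if (!inv.equals(a.modInverse(P))) throw new AssertionError("wrong inverse");
            if (firstTrace == null) firstTrace = trace.toString();
            else if (!firstTrace.equals(trace.toString())) throw new AssertionError("trace differs");
            System.out.println("ops=" + trace.length() + "  a*inv mod p = " + a.multiply(inv).mod(P));
        }
        // The S/M sequence is the same for every input because it depends only on E.
        // The trace does not measure how long each BigInteger multiply()/mod() call
        // takes; BigInteger is variable-length, so per-call time can depend on operands.
    }
}
```
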
