RFR: 8294997: Improve ECC math operations

Daniel Jeliński djelinski at openjdk.org
Wed Oct 12 12:35:05 UTC 2022 

On Tue, 11 Oct 2022 17:30:02 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> This patch rewrites some BigInteger and curve point operations used in EC calculations:
>> - coefficient * 2^power is equivalent to coefficient << power
>> - number mod 2^n is equivalent to number & (2^n-1)
>> - pair of IntegerModuloP operations:
>> t2 = t1+t1
>> t1 = t1+t2
>> is equivalent to t1=t1*3, which is now implemented more efficiently.
>> 
>> Benchmarked the code using not-yet-merged benchmark from #10544. Results on x64 before:
>> 
>> Benchmark        (messageLength)   Mode  Cnt     Score   Error  Units
>> Signatures.sign               64  thrpt   15  1578.907 ± 1.522  ops/s
>> 
>> After:
>> 
>> Benchmark        (messageLength)   Mode  Cnt     Score   Error  Units
>> Signatures.sign               64  thrpt   15  1679.495 ± 3.883  ops/s
>> 
>> Greatest part of the improvement is related to ECOperations changes; BigInteger modifications provide only marginal gains (1584 ops/s without ECOperations changes).
>> 
>> Tier1-3 tests continue to pass.
>
> src/java.base/share/classes/sun/security/provider/DSAParameterGenerator.java line 240:
> 
>> 238:                     W = W.add(V[i].shiftLeft(i * outLen));
>> 239:                 }
>> 240:                 W = W.add((V[n].mod(BigInteger.TWO.pow(b)))
> 
> Did you want to update the "BigInteger.TWO.pow(b)" as well?

Actually I think I'll revert the DSA changes; I'm not prepared to measure their effect at this moment.

> src/java.base/share/classes/sun/security/util/math/intpoly/IntegerPolynomial.java line 332:
> 
>> 330: 
>> 331:     protected void setLimbsValuePositive(BigInteger v, long[] limbs) {
>> 332:         assert bitsPerLimb < 32;
> 
> I may have this assert in the constructors as it is a final field.

I added it here as a comment explaining why using intValue is okay here; it wouldn't serve its purpose if I moved it elsewhere.
Asserts are eliminated by the compiler by default anyway. If you think this assert shouldn't be here, I can replace it with a normal comment.

-------------

PR: https://git.openjdk.org/jdk/pull/10614

More information about the security-dev mailing list