RFR: 8295011: EC point multiplication improvement for secp256r1 [v3]
Daniel Jeliński
djelinski at openjdk.org
Mon Oct 31 06:58:32 UTC 2022
On Fri, 28 Oct 2022 14:39:34 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> src/jdk.crypto.ec/share/classes/sun/security/ec/ECOperations.java line 628:
>>
>>> 626: ProjectivePoint.Mutable m =
>>> 627: multiplier.pointMultiply(s);
>>> 628: points[d][w] = m.setValue(m.asAffine()).fixed();
>>
>> Did you try using AffinePoints instead of ProjectivePoints? Sum with AffinePoints is supposed to be a bit faster, wonder if the improvement is worthwhile.
>>
>> Also, unless you switch to affine points, just use `m.fixed()`.
>
>> Did you try using AffinePoints instead of ProjectivePoints?
>
> Yes. See [JDK-8295763](https://bugs.openjdk.org/browse/JDK-8295763). Unfortunately, the mixed point addition formulas used in JDK implementation does not support additional of neutral point. It may be doable again if the formulas get changed in the future.
>
>> Also, unless you switch to affine points, just use m.fixed().
>
> Yes, the change to AffinePoints is mainly for checking in the following block. BTW, the class loading is slow, hard-coded tables should be used in a coming update very soon.
ah... right. The neutral point, aka point at infinity (0:1:0) cannot be represented in affine space. Thanks for checking.
-------------
PR: https://git.openjdk.org/jdk/pull/10893
More information about the security-dev
mailing list