RFR: 8329538: Accelerate P256 on x86_64 using Montgomery intrinsic [v6]

Volodymyr Paprotski duke at openjdk.org
Mon May 6 22:47:23 UTC 2024


> Performance. Before:
> 
> Benchmark                        (algorithm)  (dataSize)  (keyLength)  (provider)   Mode  Cnt     Score    Error  Units
> SignatureBench.ECDSA.sign    SHA256withECDSA        1024          256              thrpt    3  6443.934 ±  6.491  ops/s
> SignatureBench.ECDSA.sign    SHA256withECDSA       16384          256              thrpt    3  6152.979 ±  4.954  ops/s
> SignatureBench.ECDSA.verify  SHA256withECDSA        1024          256              thrpt    3  1895.410 ± 36.979  ops/s
> SignatureBench.ECDSA.verify  SHA256withECDSA       16384          256              thrpt    3  1878.955 ± 45.487  ops/s
> Benchmark                                            (algorithm)  (keyLength)  (kpgAlgorithm)  (provider)   Mode  Cnt     Score    Error  Units
> o.o.b.j.c.full.KeyAgreementBench.EC.generateSecret          ECDH          256              EC              thrpt    3  1357.810 ± 26.584  ops/s
> o.o.b.j.c.small.KeyAgreementBench.EC.generateSecret         ECDH          256              EC              thrpt    3  1352.119 ± 23.547  ops/s
> Benchmark                          (isMontBench)   Mode  Cnt     Score    Error  Units
> PolynomialP256Bench.benchMultiply          false  thrpt    3  1746.126 ± 10.970  ops/s
> 
> Performance, no intrinsic:
> 
> Benchmark                        (algorithm)  (dataSize)  (keyLength)  (provider)   Mode  Cnt     Score     Error  Units
> SignatureBench.ECDSA.sign    SHA256withECDSA        1024          256              thrpt    3  6529.839 ±  42.420  ops/s
> SignatureBench.ECDSA.sign    SHA256withECDSA       16384          256              thrpt    3  6199.747 ± 133.566  ops/s
> SignatureBench.ECDSA.verify  SHA256withECDSA        1024          256              thrpt    3  1973.676 ±  54.071  ops/s
> SignatureBench.ECDSA.verify  SHA256withECDSA       16384          256              thrpt    3  1932.127 ±  35.920  ops/s
> Benchmark                                            (algorithm)  (keyLength)  (kpgAlgorithm)  (provider)   Mode  Cnt     Score    Error  Units
> o.o.b.j.c.full.KeyAgreementBench.EC.generateSecret          ECDH          256              EC              thrpt    3  1355.788 ± 29.858  ops/s
> o.o.b.j.c.small.KeyAgreementBench.EC.generateSecret         ECDH          256              EC              thrpt    3  1346.523 ± 28.722  ops/s
> Benchmark                          (isMontBench)   Mode  Cnt     Score    Error  Units
> PolynomialP256Bench.benchMultiply           true  thrpt    3  1919.574 ± 10.591  ops/s
> 
> Performance, **with intrinsics*...

Volodymyr Paprotski has updated the pull request incrementally with one additional commit since the last revision:

  Use AffinePoint to exit Montgomery domain
  
  Style notes:
  Affine.equals()
      - Mismatched fields only appear to be used from testing, perhaps should be moved there instead
  Affine.getX(boolean)|getY(boolean)
      - "Passing flag is bad design" - cleanest/performant alternative to several instanceof checks
      - needed to convert Affine to Projective (need to stay in Montgomery domain)
  ECOperations.PointMultiplier
      - changes could probably be restored to original (since ProjectivePoint handling no longer required)
      - consider these changes an improvement? (fewer nested classes)
      - was an inner-class but not using inner-class features (i.e. ecOps variable should be converted)

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/18583/files
  - new: https://git.openjdk.org/jdk/pull/18583/files/a1984501..8ff243a2

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=18583&range=05
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=18583&range=04-05

  Stats: 268 lines in 7 files changed: 89 ins; 147 del; 32 mod
  Patch: https://git.openjdk.org/jdk/pull/18583.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/18583/head:pull/18583

PR: https://git.openjdk.org/jdk/pull/18583


