RFR(L): 8069539: RSA acceleration
Florian Weimer
fweimer at redhat.com
Fri May 8 16:38:39 UTC 2015
On 05/08/2015 05:59 PM, Andrew Haley wrote:
> Here is a prototype of what I propose:
>
> http://cr.openjdk.java.net/~aph/rsa-1/
>
> It is a JNI version of the fast algorithm I think we should use for
> RSA. It doesn't use any intrinsics. But with it, RSA is already twice
> as fast as the code we have now for 1024-bit keys, and almost three
> times as fast for 2048-bit keys!
>
> This code (montgomery_multiply) is designed to be as easy as I can
> possibly make it to translate into a hand-coded intrinsic. It will
> then offer better performance still, with the JNI overhead gone and
> with some carefully hand-tweaked memory accesses. It has a very
> regular structure which should make it fairly easy to turn into a
> software pipeline with overlapped fetching and multiplication,
> although this will perhaps be difficult on register-starved machines
> like the x86.
Do we want to add side-channel protection as part of this effort
(against timing attacks and cache-flushing attacks)?
--
Florian Weimer / Red Hat Product Security
More information about the hotspot-compiler-dev
mailing list