RFR: 8294248: Use less limbs for P256 in EC implementation [v3]
Xue-Lei Andrew Fan
xuelei at openjdk.org
Tue Nov 29 20:47:32 UTC 2022
On Tue, 29 Nov 2022 18:57:57 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> Hi,
>>
>> Please review this performance improvement for the Secp256R1 implementation in OpenJDK. With this update, there is about a 20% performance improvement for Secp256R1 key generation and signature.
>>
>> Basically, 256-bit EC curves could use 9 integer limbs for the computation. The current implementation uses 10 limbs instead. By reducing the number of limbs, the implementation could benefit from less integer computation (add/sub/multiply/square/inverse/mod/pow, etc.), and thus improve the performance.
>>
>> Here are the benchmark numbers without the patch:
>>
>> Benchmark                 (messageLength)   Mode  Cnt  Score   Error   Units
>> Signatures.sign                        64  thrpt   15  1.414 ± 0.022  ops/ms
>> Signatures.sign                       512  thrpt   15  1.418 ± 0.004  ops/ms
>> Signatures.sign                      2048  thrpt   15  1.419 ± 0.005  ops/ms
>> Signatures.sign                     16384  thrpt   15  1.395 ± 0.003  ops/ms
>>
>> KeyGenerators.keyPairGen                   thrpt   15  1.475 ± 0.043  ops/ms
>>
>>
>> And here are the numbers with the patch applied:
>>
>> Benchmark                 (messageLength)   Mode  Cnt  Score   Error   Units
>> ECSignature.sign                       64  thrpt   15  1.719 ± 0.010  ops/ms
>> ECSignature.sign                      512  thrpt   15  1.704 ± 0.012  ops/ms
>> ECSignature.sign                     2048  thrpt   15  1.699 ± 0.018  ops/ms
>> ECSignature.sign                    16384  thrpt   15  1.681 ± 0.006  ops/ms
>>
>> KeyGenerators.keyPairGen                   thrpt   15  1.881 ± 0.008  ops/ms
>>
>>
>> Thanks,
>> Xuelei
>
> Xue-Lei Andrew Fan has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains four commits:
>
> - Merge
> - remove duplicated bench tests
> - remove tailing white spaces
> - 8294248: Use less limbs for P256 in EC implementation

Here are the latest benchmark numbers, after the integration of https://github.com/openjdk/jdk/pull/10624, https://github.com/openjdk/jdk/pull/10544 and https://github.com/openjdk/jdk/pull/10893.

With this patch:

Benchmark        (algorithm)  (messageLength)   Mode  Cnt     Score    Error  Units
Signatures.sign    secp256r1               64  thrpt   15  4767.902 ± 26.834  ops/s
Signatures.sign    secp256r1              512  thrpt   15  4755.802 ± 41.800  ops/s
Signatures.sign    secp256r1             2048  thrpt   15  4728.560 ± 55.913  ops/s
Signatures.sign    secp256r1            16384  thrpt   15  4488.473 ± 60.325  ops/s

Without this patch:

Benchmark        (algorithm)  (messageLength)   Mode  Cnt     Score    Error  Units
Signatures.sign    secp256r1               64  thrpt   15  4089.026 ± 22.034  ops/s
Signatures.sign    secp256r1              512  thrpt   15  4081.396 ± 25.416  ops/s
Signatures.sign    secp256r1             2048  thrpt   15  4080.277 ± 24.239  ops/s
Signatures.sign    secp256r1            16384  thrpt   15  3926.398 ± 14.582  ops/s

The performance improvement is about 15%.

Compared to the numbers in the PR description, the performance improvement is about 240% with the update for [this PR](https://github.com/openjdk/jdk/pull/10398), https://github.com/openjdk/jdk/pull/10624, https://github.com/openjdk/jdk/pull/10544 and https://github.com/openjdk/jdk/pull/10893.

-------------
PR: https://git.openjdk.org/jdk/pull/10398
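
The PR description's point about 9 versus 10 limbs, worked through as an added example (not code from the patch or from OpenJDK). It assumes each layout uses the narrowest limb width that covers 256 bits and a plain schoolbook multiplication; the function names are hypothetical.

```python
# Added illustration, not OpenJDK code. Limb widths are an assumption:
# the narrowest width that lets n limbs cover a 256-bit field element.
P256 = 2**256 - 2**224 + 2**192 + 2**96 - 1  # secp256r1 field prime

def min_limb_bits(n_limbs, field_bits=256):
    """Smallest limb width such that n_limbs * width >= field_bits."""
    return -(-field_bits // n_limbs)

def to_limbs(x, n_limbs, bits):
    """Split x into n_limbs little-endian limbs of `bits` bits each."""
    if x.bit_length() > n_limbs * bits:
        raise ValueError("value does not fit")
    mask = (1 << bits) - 1
    return [(x >> (i * bits)) & mask for i in range(n_limbs)]

def from_limbs(limbs, bits):
    """Recombine limbs; entries may be un-carried and wider than `bits`."""
    return sum(v << (i * bits) for i, v in enumerate(limbs))

def limb_mul(a, b):
    """Schoolbook product of two limb vectors: (columns, word multiplies)."""
    cols = [0] * (len(a) + len(b) - 1)
    mults = 0
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            cols[i + j] += ai * bj
            mults += 1
    return cols, mults

def profile(n_limbs):
    """Cost and accumulator width of one field multiplication."""
    bits = min_limb_bits(n_limbs)
    x = y = P256 - 1  # largest reduced field element
    cols, mults = limb_mul(to_limbs(x, n_limbs, bits), to_limbs(y, n_limbs, bits))
    if from_limbs(cols, bits) != x * y:
        raise AssertionError("limb product disagrees with big-integer product")
    worst = n_limbs * ((1 << bits) - 1) ** 2  # bound on any column sum
    return {"bits": bits, "mults": mults,
            "acc_bits": worst.bit_length(), "fits_int64": worst < 2**63}

if __name__ == "__main__":
    for n in (10, 9):
        print(n, "limbs:", profile(n))
```

Under these assumptions, going from 10 to 9 limbs drops the partial products per multiplication from 100 to 81, while the worst-case column sum grows from 56 to 62 bits, which still fits a signed 64-bit accumulator.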