diff options
| author | Filippo Valsorda <filippo@golang.org> | 2021-10-30 00:27:51 -0400 |
|---|---|---|
| committer | Filippo Valsorda <filippo@golang.org> | 2021-11-05 19:01:13 +0000 |
| commit | 93bab8a2f918afa8417f7b46da69c21d643de880 (patch) | |
| tree | 501328087beecf83a678281a09e6d4e680e6ab21 /src/debug | |
| parent | 53bab198d93153f0123cb806ebb2b5c9ebbe8dc7 (diff) | |
| download | go-93bab8a2f918afa8417f7b46da69c21d643de880.tar.xz | |
crypto/elliptic: port P-224 and P-384 to fiat-crypto
Also, adopt addchain code generation for field inversion, and switch
P-521 to Montgomery multiplication, which is significantly slower but
allows us to reuse the P-224/P-256/P-384 wrapper code. No one uses P-521
anyway, and it's still faster than it was in Go 1.16.
Removed a portion of tests that ran the P-224 vectors against P-256,
for some reason.
Sadly, fiat-crypto is not fast enough to replace the generic 32-bit
P-256 implementation (just yet?).
A change in visible behavior is that we literally can't internally
operate on invalid curve points anymore (yay!) but the crypto/elliptic
API locked us into accepting any pair of integers for
Add/Double/ScalarMult and return no error (sigh), although of course
that's undefined behavior. Panics are always regretted. Returning nil
leads to panics. A fixed point might be exploited. The most reasonable
solution felt to return a made up random point, which is not that
different from an off-curve point but leaks less.
name old time/op new time/op delta
pkg:crypto/elliptic goos:darwin goarch:arm64
ScalarBaseMult/P224-8 573µs ± 0% 146µs ± 0% -74.56% (p=0.000 n=7+9)
ScalarMult/P224-8 574µs ± 0% 152µs ± 5% -73.58% (p=0.000 n=7+10)
MarshalUnmarshal/P224/Uncompressed-8 664ns ± 0% 481ns ± 1% -27.64% (p=0.000 n=8+10)
MarshalUnmarshal/P224/Compressed-8 666ns ± 1% 480ns ± 0% -27.92% (p=0.000 n=10+10)
pkg:crypto/ecdsa goos:darwin goarch:arm64
Sign/P224-8 597µs ± 0% 169µs ± 2% -71.71% (p=0.000 n=10+9)
Verify/P224-8 1.18ms ± 1% 0.32ms ± 5% -72.81% (p=0.000 n=10+10)
GenerateKey/P224-8 577µs ± 0% 147µs ± 0% -74.51% (p=0.000 n=8+8)
name old time/op new time/op delta
pkg:crypto/elliptic goos:darwin goarch:arm64
ScalarBaseMult/P384-8 2.01ms ± 2% 0.50ms ± 0% -75.00% (p=0.000 n=10+8)
ScalarMult/P384-8 2.02ms ± 3% 0.51ms ± 3% -74.64% (p=0.000 n=10+10)
MarshalUnmarshal/P384/Uncompressed-8 1.09µs ± 1% 0.76µs ± 0% -30.27% (p=0.000 n=10+9)
MarshalUnmarshal/P384/Compressed-8 1.08µs ± 0% 0.76µs ± 1% -29.86% (p=0.000 n=8+10)
pkg:crypto/ecdsa goos:darwin goarch:arm64
Sign/P384-8 2.06ms ± 1% 0.56ms ± 2% -72.76% (p=0.000 n=10+10)
Verify/P384-8 4.06ms ± 2% 1.08ms ± 0% -73.49% (p=0.000 n=10+8)
GenerateKey/P384-8 2.01ms ± 1% 0.51ms ± 3% -74.65% (p=0.000 n=10+10)
name old time/op new time/op delta
pkg:crypto/elliptic goos:darwin goarch:arm64
ScalarBaseMult/P521-8 715µs ± 6% 1525µs ± 4% +113.39% (p=0.000 n=10+10)
ScalarMult/P521-8 698µs ± 1% 1543µs ± 1% +120.99% (p=0.000 n=9+9)
MarshalUnmarshal/P521/Uncompressed-8 797ns ± 0% 1296ns ± 0% +62.65% (p=0.000 n=10+9)
MarshalUnmarshal/P521/Compressed-8 798ns ± 0% 1299ns ± 1% +62.82% (p=0.000 n=8+10)
pkg:crypto/ecdsa goos:darwin goarch:arm64
Sign/P521-8 810µs ± 3% 1645µs ± 0% +103.03% (p=0.000 n=10+10)
Verify/P521-8 1.42ms ± 1% 3.19ms ± 1% +125.28% (p=0.000 n=10+8)
GenerateKey/P521-8 698µs ± 1% 1549µs ± 0% +121.87% (p=0.000 n=10+7)
Updates #40171
Change-Id: I34edf5002b5e9fad0ebb6c1e2119fb123ea6d18f
Reviewed-on: https://go-review.googlesource.com/c/go/+/360014
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Julie Qiu <julie@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Diffstat (limited to 'src/debug')
0 files changed, 0 insertions, 0 deletions