3d450d2844
This commit improves the performance of ECDSA signature verification (over NIST P-256 curve) for x86 platforms. The speedup is by a factor of 1.15x. It does so by:

1) Leveraging the fact that the verification does not need to run in constant time. To this end, we implemented:
   a) the function ecp_nistz256_points_mul_public in a similar way to the current ecp_nistz256_points_mul function by removing its constant time features.
   b) the Binary Extended Euclidean Algorithm (BEEU) in x86 assembly to replace the current modular inverse function used for the inversion.

2) The last step in the ECDSA_verify function compares the (x) affine coordinate with the signature (r) value. Converting x from the Jacobian representation to the affine coordinate requires performing one inversion (x_affine = x * z^(-2)). We save this inversion and speed up the computations by instead bringing r to x (r_jacobian = r*z^2) which is faster.

The measured results are:

Before (on a Kaby Lake desktop with gcc-5):
Did 26000 ECDSA P-224 signing operations in 1002372us (25938.5 ops/sec)
Did 11000 ECDSA P-224 verify operations in 1043821us (10538.2 ops/sec)
Did 55000 ECDSA P-256 signing operations in 1017560us (54050.9 ops/sec)
Did 17000 ECDSA P-256 verify operations in 1051280us (16170.8 ops/sec)

After (on a Kaby Lake desktop with gcc-5):
Did 27000 ECDSA P-224 signing operations in 1011287us (26698.7 ops/sec)
Did 11640 ECDSA P-224 verify operations in 1076698us (10810.8 ops/sec)
Did 55000 ECDSA P-256 signing operations in 1016880us (54087.0 ops/sec)
Did 20000 ECDSA P-256 verify operations in 1038736us (19254.2 ops/sec)

Before (on a Skylake server platform with gcc-5):
Did 25000 ECDSA P-224 signing operations in 1021651us (24470.2 ops/sec)
Did 10373 ECDSA P-224 verify operations in 1046563us (9911.5 ops/sec)
Did 50000 ECDSA P-256 signing operations in 1002774us (49861.7 ops/sec)
Did 15000 ECDSA P-256 verify operations in 1006471us (14903.6 ops/sec)

After (on a Skylake server platform with gcc-5):
Did 25000 ECDSA P-224 signing operations in 1020958us (24486.8 ops/sec)
Did 10373 ECDSA P-224 verify operations in 1046359us (9913.4 ops/sec)
Did 50000 ECDSA P-256 signing operations in 1003996us (49801.0 ops/sec)
Did 18000 ECDSA P-256 verify operations in 1021604us (17619.4 ops/sec)

Developers and authors:
***************************************************************************
Nir Drucker (1,2), Shay Gueron (1,2)
(1) Amazon Web Services Inc.
(2) University of Haifa, Israel
***************************************************************************

Change-Id: Idd42a7bc40626bce974ea000b61fdb5bad33851c
Reviewed-on: https://boringssl-review.googlesource.com/c/31304
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
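
The inversion-free comparison from point 2 of the commit message, as an added Python example (not code from this commit or from BoringSSL): it verifies a P-256 signature in Jacobian coordinates and tests X == r*Z^2 (mod p) instead of inverting Z. All function names and the key, nonce and digest values are constructed for illustration; the extra r + n candidate follows from ECDSA comparing x mod n with r and is not mentioned in the message.

```python
# P-256 domain parameters (FIPS 186-4); the curve coefficient a is -3.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5, 1)
INF = (1, 1, 0)  # Jacobian point at infinity (Z == 0)

def jdbl(p1):
    X, Y, Z = p1
    if Z == 0 or Y == 0: return INF
    S, M = 4 * X * Y * Y % P, 3 * (X * X - pow(Z, 4, P)) % P
    X3 = (M * M - 2 * S) % P
    return X3, (M * (S - X3) - 8 * pow(Y, 4, P)) % P, 2 * Y * Z % P

def jadd(p1, p2):
    if p1[2] == 0 or p2[2] == 0: return p2 if p1[2] == 0 else p1
    (X1, Y1, Z1), (X2, Y2, Z2) = p1, p2
    U1, U2 = X1 * Z2 * Z2 % P, X2 * Z1 * Z1 % P
    S1, S2 = Y1 * pow(Z2, 3, P) % P, Y2 * pow(Z1, 3, P) % P
    if U1 == U2: return jdbl(p1) if S1 == S2 else INF
    H, R = (U2 - U1) % P, (S2 - S1) % P
    X3 = (R * R - pow(H, 3, P) - 2 * U1 * H * H) % P
    return X3, (R * (U1 * H * H - X3) - S1 * pow(H, 3, P)) % P, H * Z1 * Z2 % P

def jmul(k, pt):
    acc = INF  # variable-time double-and-add: acceptable only for public inputs
    for bit in bin(k)[2:]:
        acc = jdbl(acc)
        acc = jadd(acc, pt) if bit == "1" else acc
    return acc

def x_matches_r(pt, r):
    X, _, Z = pt
    z2 = Z * Z % P
    # x_affine = X / Z^2, so x_affine == c  <=>  X == c * Z^2 (mod p): no inversion.
    # ECDSA compares x mod n with r; since n < p, x is either r or r + n.
    return Z != 0 and any(X == c * z2 % P for c in (r, r + N) if c < P)

def verify(Q, e, r, s):
    if not (0 < r < N and 0 < s < N): return False
    w = pow(s, -1, N)  # the inverse mod n is still needed; only the field inversion is saved
    return x_matches_r(jadd(jmul(e * w % N, G), jmul(r * w % N, Q)), r)

def demo():
    # Constructed key d, nonce k and digest e (a real signer never reuses or fixes k).
    d, k, e = 0x1234, 0x5678, 0xabcdef
    Q, (X, _, Z) = jmul(d, G), jmul(k, G)
    r = X * pow(Z, -2, P) % P % N  # the signer converts to affine with one inversion
    s = pow(k, -1, N) * (e + r * d) % N
    return verify(Q, e, r, s), verify(Q, e + 1, r, s)
```

`demo()` returns `(True, False)`: the genuine signature verifies and the same signature over a changed digest is rejected. Requires Python 3.8 or later for `pow` with a negative exponent.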
ecdsa_sign_tests.txt
ecdsa_test.cc
ecdsa_verify_tests.txt
ecdsa.c