Switch non-alt ARM X25519 to unsaturated code following Lenngren · awslabs/s2n-bignum@25ca317

Commit

Switch non-alt ARM X25519 to unsaturated code following Lenngren

This completely changes the implementation of ARM curve25519_x25519
and curve25519_x25519_byte (not the _alt forms, which remain faster
on their target microarchitectures) to a base-25.5 unsaturated version
with interleaved integer and SIMD operations, the inner loop closely
following Emil Lenngren's implementation described in the paper

  https://github.com/Emill/X25519-AArch64/blob/master/X25519_AArch64.pdf

and available here:

  https://github.com/Emill/X25519-AArch64

A version of this code was generated by SLOTHY from the reorganized
implementation by Hanno Becker here:

 https://github.com/slothy-optimizer/slothy/blob/main/paper/clean/neon/X25519-AArch64-simple.s

as described in the associated paper

  https://eprint.iacr.org/2022/1303.pdf

with some additional annotations for use in the formal proof. The
final modular inverse computation reverts to the usual saturated
representation and s2n-bignum's divstep-based inverse function.

Loading branch information

jargh committed Feb 9, 2024

1 parent b2e7f4c commit 25ca317

0 comments on commit `25ca317`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `25ca317`

Commit

There are no files selected for viewing

0 comments on commit 25ca317

0 comments on commit `25ca317`