From: djb@cr.yp.to (D. J. Bernstein)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH net-next v6 19/23] zinc: Curve25519 ARM implementation
Date: 5 Oct 2018 15:05:38 -0000	[thread overview]
Message-ID: <20181005150538.17006.qmail@cr.yp.to> (raw)
In-Reply-To: CAHmME9rp0Fi5ObK5oi8FHj1_nK5hP4T2Bq7_dAmzq4OQ0mp0uw@mail.gmail.com

For the in-order ARM Cortex-A8 (the target for this code), adjacent
multiply-add instructions forward summands quickly. A simple in-order
dot-product computation has no latency problems, while interleaving
computations, as suggested in this thread, creates problems. Also, on
this microarchitecture, occasional ARM instructions run in parallel with
NEON, so trying to manually eliminate ARM instructions through global
pointer tracking wouldn't gain speed; it would simply create unnecessary
code-maintenance problems.

See https://cr.yp.to/papers.html#neoncrypto for analysis of the
performance of---and remaining bottlenecks in---this code. Further
speedups should be possible on this microarchitecture, but, for anyone
interested in this, I recommend focusing on building a cycle-accurate
simulator (e.g., fixing inaccuracies in the Sobole simulator) first.

Of course, there are other ARM microarchitectures, and there are many
cases where different microarchitectures prefer different optimizations.
The kernel already has boot-time benchmarks for different optimizations
for raid6, and should do the same for crypto code, so that implementors
can focus on each microarchitecture separately rather than living in the
barbaric world of having to choose which CPUs to favor.

---Dan
