ed448goldilocks

1.6 MiB

Author	SHA1	Message	Date
Michael Hamburg	a69002875c	reverse convention for constant_time_select, resolving a TODO	9 years ago
Michael Hamburg	4de70b837c	separate out strobe and spongerng from shake. strobe is experimental. spongerng is experimental internally but the interface should be pretty good (except for any camelCase vs snake_case issues). shake should be stable	9 years ago
Mike Hamburg	704b424982	dual scalarmul because of TLS discussion	9 years ago
Mike Hamburg	c6d7fdec35	some alignment and gcc-related fixes. Unfortunately, the python ffi still dies for alignment-related reasons :-(	9 years ago
Michael Hamburg	23726f4f73	clear a todo from f_arithmetic.c	9 years ago
Mike Hamburg	9ce5cbf53c	perf improvement in keygen, sign	10 years ago
Mike Hamburg	edb25d093c	perf improvement in keygen, sign; fix perf regression for decaf versions of these	10 years ago
Michael Hamburg	12a5d0890c	decaf seems to work for monty; needs more testing, negative testing. Now should match sage script exactly.	10 years ago
Mike Hamburg	6546660199	E-521-related changes. Not quite ready yet... This is largely a save-your-work checkin. Created p521/arch_ref64 code to make sure E-521 basically works. Fixed some of the testing code around E-521. It doesn't quite pass everything yet. Created p521/arch_x86_64 code with optimized multiply. In this checkin, the multiply is fast and works, but all the other code in that directory is the completely unoptimized ref64 build which reduces after every add and sub. So the whole thing isn't fast yet.	10 years ago
Mike Hamburg	edc6afe496	no perf regression on haswell. Also, factored out field_cond_neg; restored p448_ prefixes in case of multiple fields in the same lib	10 years ago
Michael Hamburg	c6d69dec2e	WARNING: This commit is largely untested. Continuing demagication and factoring of field code. Removing high-level ops from p448.h and putting them in field.h. That way they won't need rewriting for new fields and architectures. Create constant_time.h which contains constant-time lookups, condswaps, etc. That way the code is the same on all architectures, instead of varying depending on whether the field size is a multiple of the vector register size. I should still add a constant_time_select to factor out field_cond_negate. TODO: I need to test this for correctness and performance on various platforms. It works on my Mac, but since Yosemite the timing is totally unpredictable (background tasks? variable boost?).	10 years ago

10 Commits (992183a8bf6d1457c78e375ccfd26afc9c776f9e)