Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> writes:

> That's a pretty good table. It would be nice to have a comparison of modinv with mpz_invert as a baseline (you also don't need to use a timing resistant modinv during verification).

That would make sense. On the mpn level, the corresponding GMP function is mpn_gcdext.

> How hard could it be to add the wmNAF multiplication from ecc_mulmod.c in gnutls to this list for comparison?

Do you have some example code to use this gnutls function? Then I'm afraid it might also be a bit tricky to get linking right if we want to have it all in the same benchmark executable.

> If it is much faster than mul_a, then it would be a good candidate for the multiplication needed in DH (which doesn't need to be side-channel resistant).

There are two potential gains from using gnutls code or something similar: (i) Fewer point additions, due to more clever window handling and/or exponent recoding. (ii) The add and dup primitives could be sped up a little if they're not required to be side-channel silent.
Regards, /Niels
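As an added illustration of gain (i) above, the following C program (written for this page, not code from nettle or from gnutls's ecc_mulmod.c, whose internals it does not assume) recodes a scalar into width-w non-adjacent form and counts how many point additions a scalar multiplication would need with that recoding versus plain double-and-add. The point-addition counts are a cost model only; no curve arithmetic is performed. Note that the recoding branches on the scalar's bits and produces a scalar-dependent digit pattern, so it belongs to the "not side-channel silent" category the message discusses; it is suited to public scalars such as the ones in signature verification, while a secret scalar still calls for the constant-time multiplication the benchmark already measures.

```c
#include <stdint.h>
#include <stdio.h>

#define WNAF_MAX_DIGITS 65

/* Width-w non-adjacent form of the scalar k, least-significant digit
 * first.  Every digit is either 0 or odd with |d| < 2^(w-1), and among
 * any w consecutive digits at most one is nonzero.  Returns the digit
 * count, or -1 on bad input.  k is restricted to < 2^63 so that the
 * signed correction below can never wrap the unsigned scalar. */
int wnaf_recode(uint64_t k, int w, int *digits)
{
    if (w < 2 || w > 16 || k >= ((uint64_t)1 << 63)) return -1;
    const int64_t half = (int64_t)1 << (w - 1);
    const int64_t full = (int64_t)1 << w;
    int n = 0;
    while (k != 0) {
        int64_t d = 0;
        if (k & 1) {
            d = (int64_t)(k & (uint64_t)(full - 1));  /* k mod 2^w            */
            if (d >= half) d -= full;                 /* centre into (-half, half) */
            k -= (uint64_t)d;                         /* k - d divisible by 2^w    */
        }
        if (n >= WNAF_MAX_DIGITS) return -1;
        digits[n++] = (int)d;
        k >>= 1;
    }
    return n;
}

/* Horner evaluation of a digit string, modulo 2^64, so the round trip
 * wnaf_eval(wnaf_recode(k)) == k can be checked. */
uint64_t wnaf_eval(const int *digits, int n)
{
    uint64_t acc = 0;
    for (int i = n - 1; i >= 0; i--)
        acc = 2 * acc + (uint64_t)(int64_t)digits[i];
    return acc;
}

int wnaf_nonzero(const int *digits, int n)
{
    int c = 0;
    for (int i = 0; i < n; i++) c += (digits[i] != 0);
    return c;
}

int popcount64(uint64_t k)
{
    int c = 0;
    for (; k; k >>= 1) c += (int)(k & 1);
    return c;
}

/* Cost model: double-and-add pays one point addition per set bit beyond
 * the first.  wNAF pays one per nonzero digit beyond the first, plus
 * 2^(w-2) - 1 additions to precompute the odd multiples 3P, 5P, ... */
int binary_adds(uint64_t k)
{
    int p = popcount64(k);
    return p ? p - 1 : 0;
}

int wnaf_adds(uint64_t k, int w)
{
    int digits[WNAF_MAX_DIGITS];
    int n = wnaf_recode(k, w, digits);
    if (n < 0) return -1;
    int nz = wnaf_nonzero(digits, n);
    return (nz ? nz - 1 : 0) + ((1 << (w - 2)) - 1);
}

uint64_t wnaf_roundtrip(uint64_t k, int w)
{
    int digits[WNAF_MAX_DIGITS];
    int n = wnaf_recode(k, w, digits);
    return n < 0 ? 0 : wnaf_eval(digits, n);
}

int main(void)
{
    /* Constructed sample scalars: a short one and a 63-bit all-ones one,
     * the worst case for double-and-add. */
    const uint64_t samples[] = { 7, 0x7FFFFFFFFFFFFFFFULL };
    for (int i = 0; i < 2; i++)
        printf("k=%#llx  binary adds=%d  wNAF(w=4) adds=%d  roundtrip ok=%d\n",
               (unsigned long long)samples[i], binary_adds(samples[i]),
               wnaf_adds(samples[i], 4),
               wnaf_roundtrip(samples[i], 4) == samples[i]);
    return 0;
}
```

For 2^63 - 1 the binary expansion has 63 set bits (62 additions), while its width-4 NAF is just 2^63 - 1 written as a +1 digit and a -1 digit (one addition plus three for the table). Real scalars are random, so the saving is closer to the average nonzero-digit density, about 1/(w+1) versus 1/2 for binary.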