On Thu, May 12, 2011 at 7:13 AM, Ian Goldberg iang@cs.uwaterloo.ca wrote:
> Nick, were you planning on using djb's qhasm code, or the C version (curve25519-donna)? (A quick look at the latter suggests it's doing left-to-right, so some changes would still be required, but not evil assembly ones.)
donna is much faster than the reference implementation on 64-bit, but much slower at 32-bit. The reference implementation was, indeed, derived from a qhasm source, although I don't have it. (donna was only intended to work on 64-bit systems; the 32-bit version is just for completeness.)
Since both use Montgomery's trick for operating in the group, it's not clear that either is amenable to implementing simultaneous exponentiation. However, curve25519 is generally sufficiently fast that calling it twice is still faster than a simultaneous exponentiation on other curves: http://www.imperialviolet.org/2010/12/21/eccspeed.html
Cheers
AGL
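
The ladder structure discussed in the message above, as an added example (not part of the thread, and not the code of curve25519-donna or the reference implementation): an x-only Montgomery ladder written from the RFC 7748 formulas. Each addition step needs the u-coordinate of the difference of the two running points, which is fixed inside one ladder but unknown for two unrelated products, so `two_calls` (a hypothetical helper name, like the others here) simply runs the ladder twice. Python integers are not constant-time; this shows the arithmetic only.

```python
# Added illustration: x-only Montgomery ladder on curve25519 (RFC 7748 formulas).
P = 2**255 - 19
A24 = 121665  # (486662 - 2) / 4

def clamp(k: int) -> int:
    """Clear the low 3 bits, clear bit 255, set bit 254 (standard clamping)."""
    return (k & ~7 & ((1 << 255) - 1)) | (1 << 254)

def ladder(k: int, u: int) -> int:
    """Return the u-coordinate of k*Q given only the u-coordinate u of Q."""
    x1 = u % P
    x2, z2 = 1, 0        # R0 = point at infinity
    x3, z3 = x1, 1       # R1 = Q; invariant: R1 - R0 = Q
    swap = 0
    for t in reversed(range(255)):      # left-to-right over the scalar bits
        bit = (k >> t) & 1
        swap ^= bit
        if swap:                        # real code uses a constant-time cswap
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = d * a % P, c * b % P
        # Differential addition: only valid because x(R1 - R0) = x1 is known.
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        # Doubling of R0 needs no extra information.
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return x2 * pow(z2, P - 2, P) % P   # back to affine u (0 if z2 == 0)

def two_calls(a: int, g: int, b: int, h: int) -> tuple[int, int]:
    """Compute u(a*G) and u(b*H) as two independent ladder runs."""
    return ladder(a, g), ladder(b, h)

if __name__ == "__main__":
    # Constructed sample scalars, not real keys.
    sk_a, sk_b = clamp(0x1234567890ABCDEF << 100), clamp(0xFEDCBA0987654321 << 90)
    pub_a, pub_b = two_calls(sk_a, 9, sk_b, 9)
    print(ladder(sk_a, pub_b) == ladder(sk_b, pub_a))
```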