
P-256 ECDSA: Use BoringSSL's WNAF implementation #1759

Draft
wants to merge 7 commits into
base: main

Conversation

briansmith (Owner)

For P-256 ECDSA verification, when not using nistz256, use the WNAF-based multiplication. This is faster.

This will serve as a model for the Rust WNAF-based multiplication for P-384 and P-521.

Allow each curve to provide its own `twin_mul` implementation. For now,
use the same implementation we've been using.
From BoringSSL commit 8d71d24.

Comment it out until it is modified to work.
Import the optimized nistz256 verification from BoringSSL.
Move more of the logic for the nistz256 multiplication into Rust.
Better match the Rust declarations of these functions. Prepare to
support more target platforms and more weird things (like P-521)
by avoiding any kind of alignment assumptions at the language
boundary (or elsewhere).
On targets where we don't use nistz256, use the Fiat W-NAF-based
implementation instead.
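The verification-side multiplication the description above refers to, as an added example that is not ring's or BoringSSL's code: width-w NAF recoding of both scalars followed by an interleaved "twin" multiplication a*G + b*Q, which is the shape of the ECDSA verification step u1*G + u2*Q. To keep the result independently checkable, the group is a toy additive group of integers mod a prime rather than a curve; the `Group` trait, the `ModAdd` type, the modulus `N`, the sample scalars and every function name are this example's own assumptions, and a real implementation would substitute point addition and doubling. The caveat a practitioner should carry away is why this is a verification-only optimization: the digit-dependent branches and table indexing take time that depends on the scalar, which is acceptable for the public values u1 and u2 but never for the secret nonce used when signing.

```rust
// Added example (not ring's or BoringSSL's code): wNAF recoding and an
// interleaved twin multiplication a*G + b*Q over a toy group. The group,
// constants and names below are assumptions made for this example only.

/// Minimal abelian-group interface the twin multiplication needs.
trait Group: Copy + PartialEq + std::fmt::Debug {
    fn identity() -> Self;
    fn add(self, other: Self) -> Self;
    fn neg(self) -> Self;
    fn double(self) -> Self {
        self.add(self)
    }
}

/// Toy group: integers mod N under addition, so k*g is just k*g mod N and the
/// answer can be checked by hand. Constructed for this example; not a curve.
pub const N: u64 = 1_000_003;

#[derive(Clone, Copy, PartialEq, Debug)]
pub struct ModAdd(pub u64);

impl Group for ModAdd {
    fn identity() -> Self { ModAdd(0) }
    fn add(self, other: Self) -> Self { ModAdd((self.0 + other.0) % N) }
    fn neg(self) -> Self { ModAdd((N - self.0) % N) }
}

/// Width-w non-adjacent form: digits d_i with k = sum d_i * 2^i, every nonzero
/// digit odd with |d_i| < 2^(w-1), and at least w-1 zeros after each nonzero
/// digit. Least significant digit first. Runs in time that depends on k, so it
/// is only suitable for public scalars (verification), never for a signing nonce.
pub fn wnaf(k: u64, w: u32) -> Vec<i8> {
    assert!((2..=7).contains(&w), "window must fit an i8 digit");
    let modulus: i128 = 1 << w;
    let half = modulus / 2;
    let mut k = k as i128;
    let mut digits = Vec::new();
    while k > 0 {
        let d = if k & 1 == 1 {
            let mut d = k % modulus;          // k mod 2^w, in [1, 2^w)
            if d >= half { d -= modulus; }    // map into (-2^(w-1), 2^(w-1))
            k -= d;                           // k is now a multiple of 2^w
            d
        } else {
            0
        };
        digits.push(d as i8);
        k >>= 1;
    }
    digits
}

/// Reassemble the integer a wNAF digit string represents (used for checking).
pub fn wnaf_value(digits: &[i8]) -> i128 {
    digits.iter().rev().fold(0i128, |acc, &d| acc * 2 + d as i128)
}

/// Odd multiples P, 3P, 5P, ..., (2^(w-1)-1)P; table[i] = (2i+1)P.
fn odd_multiples<G: Group>(p: G, w: u32) -> Vec<G> {
    let two_p = p.double();
    let mut table = Vec::with_capacity(1 << (w - 2));
    let mut acc = p;
    for _ in 0..(1usize << (w - 2)) {
        table.push(acc);
        acc = acc.add(two_p);
    }
    table
}

/// d*P for an odd digit d, read from the precomputed odd multiples.
fn digit_mul<G: Group>(table: &[G], d: i8) -> G {
    let entry = table[((d.unsigned_abs() as usize) - 1) / 2];
    if d < 0 { entry.neg() } else { entry }
}

/// Interleaved (Straus/Shamir-style) a*G + b*Q with both scalars in wNAF:
/// one doubling per bit position, one addition per nonzero digit of each scalar.
pub fn twin_mul<G: Group>(a: u64, g: G, b: u64, q: G, w: u32) -> G {
    let (da, db) = (wnaf(a, w), wnaf(b, w));
    let (tg, tq) = (odd_multiples(g, w), odd_multiples(q, w));
    let len = da.len().max(db.len());
    let mut r = G::identity();
    for i in (0..len).rev() {
        r = r.double();
        if let Some(&d) = da.get(i) { if d != 0 { r = r.add(digit_mul(&tg, d)); } }
        if let Some(&d) = db.get(i) { if d != 0 { r = r.add(digit_mul(&tq, d)); } }
    }
    r
}

/// Plain left-to-right double-and-add, kept only as an independent reference.
pub fn naive_mul<G: Group>(k: u64, p: G) -> G {
    let mut r = G::identity();
    for i in (0..64).rev() {
        r = r.double();
        if (k >> i) & 1 == 1 { r = r.add(p); }
    }
    r
}

fn main() {
    // Sample scalars and base elements, constructed for this example.
    let (a, b) = (123_456_789u64, 987_654_321u64);
    let (g, q) = (ModAdd(2), ModAdd(31_337));
    let fast = twin_mul(a, g, b, q, 5);
    let slow = naive_mul(a, g).add(naive_mul(b, q));
    assert_eq!(fast, slow);
    println!("wNAF(7, w=3) = {:?}", wnaf(7, 3));
    println!("a*G + b*Q = {:?}", fast);
}
```

The window width trades table size for additions: a width-w table holds 2^(w-2) odd multiples of each base, and the recoding guarantees at most one addition per w bit positions per scalar, which is where the speedup over per-bit double-and-add comes from.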
@briansmith briansmith self-assigned this Oct 18, 2023
briansmith (Owner, Author)

This is blocked on #1757 and #1758.

@briansmith briansmith changed the title P-256 ECDSA: Use BoringSSl's WNAF implementation P-256 ECDSA: Use BoringSSL's WNAF implementation Oct 19, 2023
briansmith (Owner, Author)

PR #1764 proposes a generalized solution to this. We should compare the performance of that with the performance of this.

Accordingly, blocked on #1772.
