mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-03-22 15:45:10 +00:00
1c678e0e06
Ok, so the original plan was to make mpi_inv_mod() the smallest block that could not be divided. Updated plan is that the smallest block will be either: - ecp_normalize_jac_many() (one mpi_inv_mod() + a number or mpi_mul_mpi()s) - or the second loop in ecp_precompute_comb() With default settings, the minimum non-restartable sequence is: - for P-256: 222M - for P-384: 341M This is within a 2-3x factor of originally planned value of 120M. However, that value can be approached, at the cost of some performance, by setting ECP_WINDOW_SIZE (w below) lower than the default of 6. For example: - w=4 -> 166M for any curve (perf. impact < 10%) - w=2 -> 130M for any curve (perf. impact ~ 30%) My opinion is that the current state with w=4 is a good compromise, and the code complexity need to attain 120M is not warranted by the 1.4 factor between that and the current minimum with w=4 (which is close to optimal perf). |
||
|---|---|---|
| .. | ||
| mbedtls | ||
| .gitignore | ||
| CMakeLists.txt | ||