GMP versus TFM on an AMD64

From: tomstdenis@xxxxxxxxx
Date: 17 Mar 2006 21:30:17 -0800

For all those who were trying to insult me about how much GMP was
faster...

:-) ^_^ grin ^_^

This is on an Opteron 275 running the latest GMP and my newly crafted
GMP plugin for LTC (basically calls mpz_powm).

GMP:
RSA-1024 encrypt_key took 121194 cycles
RSA-1024 decrypt_key took 1845297 cycles
RSA-1280 encrypt_key took 169824 cycles
RSA-1280 decrypt_key took 3278677 cycles
RSA-1536 encrypt_key took 229255 cycles
RSA-1536 decrypt_key took 5317780 cycles
RSA-1792 encrypt_key took 301444 cycles
RSA-1792 decrypt_key took 8069089 cycles
RSA-2048 encrypt_key took 384635 cycles
RSA-2048 decrypt_key took 11513466 cycles

Compare to TFM:
RSA-1024 encrypt_key took 178994 cycles
RSA-1024 decrypt_key took 1376474 cycles
RSA-1280 encrypt_key took 285829 cycles
RSA-1280 decrypt_key took 2228425 cycles
RSA-1536 encrypt_key took 337265 cycles
RSA-1536 decrypt_key took 3488658 cycles
RSA-1792 encrypt_key took 398694 cycles
RSA-1792 decrypt_key took 5109385 cycles
RSA-2048 encrypt_key took 464253 cycles
RSA-2048 decrypt_key took 6981056 cycles

For the smaller sizes GMP does better mostly because I setup more k-ary
table than I should. But on the decrypt side TFM clearly wins.

I don't have ECC timings yet [I have ECC working though] as GMP seems
to lack a publicly exported reduction function. I'll craft one doing
whole number montgomery reduction. Right now I'm using mpz_mod and it
makes it between 2x and 3x slower than TFM. I won't list them since I
acknowledge that isn't a fair fight.

Roughly speaking both shared objects [for GMP and TFM] are about the
same size. Though GMP does some odder things TFM doesn't. That said
for crypto purposes I don't see the draw for GMP. It's clearly not
faster than TFM, at least on my AMD64 box.

Tom

.

Follow-Ups:
- Re: GMP versus TFM on an AMD64
  - From: Felix Rawlings
- Re: GMP versus TFM on an AMD64
  - From: D. J. Bernstein
- Re: GMP versus TFM on an AMD64
  - From: Felix Rawlings
- Re: GMP versus TFM on an AMD64
  - From: tomstdenis
- Re: GMP versus TFM on an AMD64
  - From: tomstdenis
- Re: GMP versus TFM on an AMD64
  - From: D. J. Bernstein
- Re: GMP versus TFM on an AMD64
  - From: tomstdenis
- Re: GMP versus TFM on an AMD64
  - From: Felix Rawlings

Prev by Date: Re: Encryption provably free of trapdoors
Next by Date: Re: Encryption provably free of trapdoors
Previous by thread: libtom* back up
Next by thread: Re: GMP versus TFM on an AMD64
Index(es):
- Date
- Thread

Relevant Pages

Re: GMP versus TFM on an AMD64
... even the Intel offerings] are meant to target. ... So let's keep it to apples and apples? ... The point was I was bored enough to learn how to use GMP and then make ... of the box without tweaking] that TFM beats GMP by a good chunk. ...
(sci.crypt)
Re: GMP versus TFM on an AMD64
... GMP plugin for LTC. ... Should note that on my Dothan laptop GMP *is* faster than TFM. ... have unrolled multipliers suitably for the size. ...
(sci.crypt)
Re: GMP versus TFM on an AMD64
... And on the Pentium 4 Prescott TFM is faster than GMP. ... 47,437,931 cycles with TFM. ... Oddly enough though encryption for most RSA sizes is faster with GMP ...
(sci.crypt)