Re: ECC template library
Ben Livengood wrote:
Speaking of ECC over GF(2^n), any chance you can get AMD to provide a
bit flag or prefix for turning off the carry propagation circuitry in
the MUL and DIV instructions? My guess is that GF(2^n) is quite a bit
faster than GF(p) when done in hardware, not to mention unencumbered by
patents...

There are ways [designed by Sun] for having one circuit do either
integer or GF(2) mults. It's slower than either natively but smaller
than having both.

I don't speak for AMD on this issue [they'd freak out if I did] but if
enough pressure would come to bear from one of their partners they may
look into it. You have to keep in mind what sounds like a good idea
today and what ends up in a cpu you can buy at a store is like a 4 yr
gap at a minimum. Adding new opcodes or hardware is seriously tricky
business given the price of real estate and the co-ordination that goes
on in it.

That said there are fast ways of doing GF(2) mults despite the lack of
a good multiplier. Even with these "awkward" multipliers you can get
binary ECC faster than prime ECC and RSA.

Things that can help out more would be a faster cache, 128-bit FPU
[e.g. for 128-bit shifts, xors, etc] and the like.

Tom
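To illustrate the point above about doing GF(2) multiplication reasonably fast without a carryless multiplier in the CPU, here is an added example (not Tom's code and not taken from any library he maintains). It builds a 64x64-bit carryless product two ways, plain shift-and-xor and a 4-bit windowed version that trades a 16-entry table for four times fewer iterations, then reduces the product modulo an irreducible polynomial. The window width, the choice of the AES polynomial x^8+x^4+x^3+x+1 for the reduction check, and the sample 64-bit operands are all assumptions made for the demonstration; the 8-bit check values are the worked products from FIPS-197.

```c
#include <stdint.h>
#include <stdio.h>

/* Carryless 64x64 -> 128-bit multiply, plain shift-and-xor: one step per set bit of b. */
static void clmul64_shift(uint64_t a, uint64_t b, uint64_t *hi, uint64_t *lo)
{
    uint64_t rh = 0, rl = 0;
    for (int i = 0; i < 64; i++) {
        if ((b >> i) & 1) {
            rl ^= a << i;
            if (i) rh ^= a >> (64 - i);   /* bits of a that spill past bit 63 */
        }
    }
    *hi = rh;
    *lo = rl;
}

/* Same product with a 4-bit window (assumed width): precompute a*k for k = 0..15
   (each at most 67 bits wide), then consume b one nibble at a time: 16 iterations
   with a 128-bit shift each, instead of 64 conditional xors. */
static void clmul64_window(uint64_t a, uint64_t b, uint64_t *hi, uint64_t *lo)
{
    uint64_t th[16], tl[16];
    th[0] = 0; tl[0] = 0;
    th[1] = 0; tl[1] = a;
    for (int k = 2; k < 16; k++) {
        if (k & 1) {                    /* a*k = a*(k-1) + a */
            th[k] = th[k - 1];
            tl[k] = tl[k - 1] ^ a;
        } else {                        /* a*k = (a*(k/2)) * x, i.e. a shift by one */
            th[k] = (th[k / 2] << 1) | (tl[k / 2] >> 63);
            tl[k] = tl[k / 2] << 1;
        }
    }
    uint64_t rh = 0, rl = 0;
    for (int i = 60; i >= 0; i -= 4) {
        rh = (rh << 4) | (rl >> 60);    /* shift the 128-bit accumulator by the window width */
        rl <<= 4;
        unsigned nib = (unsigned)((b >> i) & 0xF);
        rh ^= th[nib];
        rl ^= tl[nib];
    }
    *hi = rh;
    *lo = rl;
}

/* Reduce hi:lo modulo f(x) = x^m + f_low(x), 1 <= m <= 63, bit-serial from the top:
   whenever bit i >= m is set, xor in f(x) shifted by i-m, which clears bit i. */
static uint64_t gf2_reduce(uint64_t hi, uint64_t lo, int m, uint64_t f_low)
{
    uint64_t f = (1ULL << m) | f_low;
    for (int i = 127; i >= m; i--) {
        int bit = (i >= 64) ? (int)((hi >> (i - 64)) & 1) : (int)((lo >> i) & 1);
        if (!bit) continue;
        int s = i - m;
        if (s >= 64) {
            hi ^= f << (s - 64);
        } else {
            lo ^= f << s;
            if (s) hi ^= f >> (64 - s);
        }
    }
    return lo & ((1ULL << m) - 1);
}

/* GF(2^8) multiply with the AES polynomial x^8+x^4+x^3+x+1 (f_low = 0x1b), used here
   only because its products are easy to check by hand. */
static uint8_t gf256_mul(uint8_t a, uint8_t b)
{
    uint64_t hi, lo;
    clmul64_window(a, b, &hi, &lo);
    return (uint8_t)gf2_reduce(hi, lo, 8, 0x1b);
}

/* Returns 1 when both multipliers give the same 128-bit product. */
static int clmul_agree(uint64_t a, uint64_t b)
{
    uint64_t h1, l1, h2, l2;
    clmul64_shift(a, b, &h1, &l1);
    clmul64_window(a, b, &h2, &l2);
    return h1 == h2 && l1 == l2;
}

int main(void)
{
    /* constructed sample operands, not taken from any standard */
    uint64_t a = 0x9e3779b97f4a7c15ULL, b = 0xf39cc0605cedc835ULL;
    uint64_t h, l;
    clmul64_window(a, b, &h, &l);
    printf("a*b (carryless) = %016llx%016llx, methods agree: %d\n",
           (unsigned long long)h, (unsigned long long)l, clmul_agree(a, b));
    printf("{57}*{83} in GF(2^8) = %02x\n", gf256_mul(0x57, 0x83));
    return 0;
}
```

The windowed loop is the kind of trick meant by "fast ways" here: the table costs 15 xors and shifts up front, after which each nibble of b is one table lookup, one 128-bit shift and two xors, and widening the window (or splitting b across several table passes, the comb method) moves the cost further toward the precomputation.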
