Slowdown after switch to crypto-bigint
#490
Comments
|
So one difference that I see is that |
|
Yeah, that's one difference: However, that could also be a clue to the slowdown, namely there may be places where fixed-but-dynamic precision That's my best guess anyway. I'm not sure to sleuth out exactly where that might be happening other than tediously going through line-by-line and comparing the implementations or otherwise looking for unnecessary leading zeros (via e.g. |
|
The difference comes from the fact that we now do a lot of operation over numbers twice as large as they need to be, at least that is what I remember when I last checked. if each prime has x bits, we end up doing operations on numbers of the size of 2x bits in a bunch of places, when often times something much smaller would suffice. |
|
Yep, I just reached that conclusion as well. There are several instances of exponentiation modulo |
|
Btw if anyone wants to deal with this issue, feel free, I don't think I will have enough free time in the coming weeks. |
Benchmarks slowed down several times after #394. What could be the reason?
Performance improvements for boxed uints (RustCrypto/crypto-bigint#777) and the corresponding changes in
crypto-primes(entropyxyz/crypto-primes#78) don't really change the results much according to my tests.signtest time is split ~50/50 between Montgomery exponentiation (with all the time spent inalmost_montgomery_mul(), the lowest level function) andBoxedUint::inv_mod();decryptis almost exclusively exponentiation. Both of these are the calls inRSAitself;crypto-primescalls take negligible time.So it seems that either these two functions are somehow much slower than
num-bigint(possible, yet unlikely, and straightforward to test), or somehow #394 changed the algorithm to apply them more times than necessary.The text was updated successfully, but these errors were encountered: