Re: A 32bit/64bit performance data point

To: Ron Johnson <ron.l.johnson@cox.net>
Cc: Debian-AMD64 <debian-amd64@lists.debian.org>
Subject: Re: A 32bit/64bit performance data point
From: Karl Magdsick <kmagnum@gmail.com>
Date: Sat, 11 Dec 2004 04:12:21 -0500
Message-id: <[🔎] cd8ecdef041211011254aa2d5@mail.gmail.com>
Reply-to: Karl Magdsick <kmagnum@gmail.com>
In-reply-to: <[🔎] 1102686016.2013.11.camel@haggis.homelan>
References: <[🔎] 20041210123604.GU30613@seventeen> <[🔎] 1102686016.2013.11.camel@haggis.homelan>

Oops, I originally replied only to Ron.

Well, it's the libgmp (Gnu Multi-Precission math library) folks and
the OpenSSL folks that you hope are generating efficient AMD64 code
for discrete mathematics over finite fields (DH, El Gamal, DSA) and
finite rings (RSA).  GMP uses hand-optimized assembly on most
architectures, as does OpenSSL.

OpenSSL uses it's own big integer code (in crypto/bn).  It looks like
for 4096-bit moduli, AMD64 asm runs 2 to 4 times as fast as IA-32
asm.  (The note says IA-32 asm is about as fast as AMD64 C for the big
integer code.)  Note that DSA for all key sizes still uses some
160-bit finite field math.


-Karl


from: http://cvs.openssl.org/getfile/openssl/crypto/bn/asm/x86_64-gcc.c?v=1.1.4.3

* Q. How much faster does it get?
* A. 'apps/openssl speed rsa dsa' output with no-asm:
*
*                        sign    verify    sign/s verify/s
*      rsa  512 bits   0.0006s   0.0001s   1683.8  18456.2
*      rsa 1024 bits   0.0028s   0.0002s    356.0   6407.0
*      rsa 2048 bits   0.0172s   0.0005s     58.0   1957.8
*      rsa 4096 bits   0.1155s   0.0018s      8.7    555.6
*                        sign    verify    sign/s verify/s
*      dsa  512 bits   0.0005s   0.0006s   2100.8   1768.3
*      dsa 1024 bits   0.0014s   0.0018s    692.3    559.2
*      dsa 2048 bits   0.0049s   0.0061s    204.7    165.0
*
*    'apps/openssl speed rsa dsa' output with this module:
*
*                        sign    verify    sign/s verify/s
*      rsa  512 bits   0.0004s   0.0000s   2767.1  33297.9
*      rsa 1024 bits   0.0012s   0.0001s    867.4  14674.7
*      rsa 2048 bits   0.0061s   0.0002s    164.0   5270.0
*      rsa 4096 bits   0.0384s   0.0006s     26.1   1650.8
*                        sign    verify    sign/s verify/s
*      dsa  512 bits   0.0002s   0.0003s   4442.2   3786.3
*      dsa 1024 bits   0.0005s   0.0007s   1835.1   1497.4
*      dsa 2048 bits   0.0016s   0.0020s    620.4    504.6
*
*    For the reference. IA-32 assembler implementation performs
*    very much like 64-bit code compiled with no-asm on the same
*    machine.
*/



On Fri, 10 Dec 2004 07:40:16 -0600, Ron Johnson <ron.l.johnson@cox.net> wrote:
> On Fri, 2004-12-10 at 13:36 +0100, Bill Allombert wrote:
> [snip]
> 
> > Also amd64 is the only 64bit extension I know that have a hardware
> > 64bitx64bit-to-128bit multiplication. Running this bench on sparc64
> 
> How much would help crypto work?
> 
> (I hope the GCC AMD64 people noticed, and generate the proper
> code... :)
> 
> --
> -----------------------------------------------------------------
> Ron Johnson, Jr.
> Jefferson, LA USA
> PGP Key ID 8834C06B I prefer encrypted mail.
> 
> "Vegetarians eat Vegetables, Humanitarians frighten me."
> Unknown
> 
> 
>

Reply to:

References:
- A 32bit/64bit performance data point
  - From: Bill Allombert <allomber@math.u-bordeaux.fr>
- Re: A 32bit/64bit performance data point
  - From: Ron Johnson <ron.l.johnson@cox.net>

Prev by Date: Re: Re: Kernel compilation problem
Next by Date: Re: Intel EM64T porting machine for Debian
Previous by thread: Re: A 32bit/64bit performance data point
Next by thread: Recommedn AMD64 machine for Debian
Index(es):
- Date
- Thread