Slice bytes of G multiples to avoid cache timings. #1
sipa wants to merge 1 commit into bitcoin-core:master from sipa:slice, changing 1 file (+28 −7)
sipa commented at 11:29 pm on March 6, 2014: contributor
-
Slice bytes of G multiples to avoid cache timings 65a79b300c
-
gmaxwell commented at 0:06 am on March 7, 2014: contributor
So measuring the cycle counts for pubkey generation (on my laptop, pinned to a single cpu and running with realtime priority):
(tn is with the pull, to is without)
summary(scan('tn'))
Read 1000000 items
   Min. 1st Qu.  Median    Mean 3rd Qu.    Max.
  76450   76920   77010   78230   77110  439600
summary(scan('to'))
Read 1000000 items
   Min. 1st Qu.  Median    Mean 3rd Qu.    Max.
  63810   64380   64450   65440   64540  311000
sd(scan('tn'))
Read 1000000 items
[1] 4820.458
sd(scan('to'))
Read 1000000 items
[1] 4523.553
So it’s a fair bit slower, and it’s not obvious that it reduced the timing variance. (though it is slightly less if I exclude measurements past the 3rd quartile)
-
sipa commented at 0:18 am on March 7, 2014: contributor
I only expect time variations if you have significant ranges of identical multiplicand bits between consecutive runs, which I don’t expect to happen in random multiplications.
-
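One way a byte-sliced lookup table can be laid out, as an added illustration of the idea in the pull request title; it is not code from this pull request or from the project. The sizes (16 entries of 64 bytes, 64-byte cache lines, a line-aligned table), the constructed table contents and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { ENTRIES = 16, ENTRY_LEN = 64, LINE = 64 }; /* assumed sizes */

/* Plain layout: entry i is ENTRY_LEN contiguous bytes.
 * Sliced layout: sliced[k][i] holds byte k of entry i. */
static uint8_t plain[ENTRIES][ENTRY_LEN];
static uint8_t sliced[ENTRY_LEN][ENTRIES];

/* Fill the plain table with constructed bytes and build the sliced copy. */
void build_tables(void) {
    for (int i = 0; i < ENTRIES; i++)
        for (int k = 0; k < ENTRY_LEN; k++) {
            plain[i][k] = (uint8_t)(i * 17 + k * 3);
            sliced[k][i] = plain[i][k];
        }
}

/* Fetch entry idx from the sliced table: one byte from every 16-byte group. */
void sliced_lookup(unsigned idx, uint8_t out[ENTRY_LEN]) {
    for (int k = 0; k < ENTRY_LEN; k++)
        out[k] = sliced[k][idx & (ENTRIES - 1)];
}

/* Bitmap of cache lines (bit n = line n of the table) read by one lookup,
 * assuming the table starts on a cache-line boundary. */
uint32_t lines_plain(unsigned idx) {
    uint32_t m = 0;
    for (unsigned k = 0; k < ENTRY_LEN; k++)
        m |= 1u << ((idx * ENTRY_LEN + k) / LINE);
    return m;
}
uint32_t lines_sliced(unsigned idx) {
    uint32_t m = 0;
    for (unsigned k = 0; k < ENTRY_LEN; k++)
        m |= 1u << ((k * ENTRIES + idx) / LINE);
    return m;
}

/* Returns 1 if the sliced lookup reproduces plain[idx] byte for byte. */
int lookup_matches(unsigned idx) {
    uint8_t out[ENTRY_LEN];
    sliced_lookup(idx, out);
    return memcmp(out, plain[idx], ENTRY_LEN) == 0;
}

int main(void) {
    build_tables();
    for (unsigned i = 0; i < ENTRIES; i++)
        printf("idx %2u plain=%04x sliced=%04x\n", i,
               (unsigned)lines_plain(i), (unsigned)lines_sliced(i));
    return 0;
}
```

In the plain layout the set of cache lines read identifies the index, while in the sliced layout every lookup reads the same 16 lines. The index still selects the byte offset within each line, so this equalizes only what is observable at cache-line granularity.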
sipa referenced this in commit 78cb860733 on Mar 12, 2014
-
sipa merged this on Mar 12, 2014
-
sipa closed this on Mar 12, 2014
-
taolinke cross-referenced this on Sep 14, 2017 from issue bench_verify test condition failed by taolinke
-
unknown cross-referenced this on Dec 8, 2017 from issue Cannot build on Debian stretch by possientis
-
gmaxwell cross-referenced this on Mar 4, 2019 from issue Allow to use external default callbacks by real-or-random
-
benma referenced this in commit d581749227 on Jun 21, 2019
-
Davidson-Souza cross-referenced this on Jun 20, 2023 from issue ElligatorSwift + integrated x-only DH by sipa