On Wed, 4 Mar 2026 09:12:14 GMT, Shawn Emery <[email protected]> wrote:
>> This implementation changes the limb size of X25519 from 10 x 26 bits to 5 x >> 51 bits in order to take advantage of performance gains from a reduction in >> the number of limb operations. >> >> Performance gains were observed from the key generation/agreement, >> encapsulation, and decapsulation benchmarks for both aarch64 with 3 - 8% >> gains and x86_64 with 9% gains. >> >> Thank you @ferakocz for their help in working through the early stages of >> this code with me. > > Shawn Emery has updated the pull request incrementally with one additional > commit since the last revision: > > Fix whitespace errors src/java.base/share/classes/sun/security/util/math/intpoly/IntegerPolynomial25519.java line 33: > 31: private static final int BITS_PER_LIMB = 51; > 32: private static final int NUM_LIMBS = 5; > 33: private static final int MAX_ADDS = 1; Actually, if you do a carry from c5 to c6 before the "pseudo-Mersenne reduction", you can set this to 2, I think. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/29981#discussion_r2883002681
