On Thu, Dec 6, 2018 at 11:14 PM Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> [0] "In principal" because there's a fair bit of SCADA gear that does this > because it doesn't have the CPU power to generate new DHE values, as I > found out when I turned on non-DHE checking some years ago. > I think these concerns can largely be addressed by ECDHE with e.g. X25519: https://eprint.iacr.org/2015/343.pdf This implementation does variable-base X25519 scalar multiplication in 13,900,397 cycles, or ~0.869s on a 16MHz AVR CPU commonly found on Arduinos. I imagine fixed-base scalar multiplication can be further optimized. -- Tony Arcieri
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
