M0+ version

[martin31821]

Is there an easy way to port this library to the Cortex M0+ (or ARMv6-M in general)?

[Emill]

Hi @martin31821!

The amazing speed is mainly due to the availability of the UMAAL instruction in Cortex-M4 which in one cycle computes the 64-bit result of a*b+c+d (all inputs are 32-bits). Unfortunately with Cortex-M0(+) you only have the MULS instruction which computes the 32-bit result a*b (inputs are 32-bits), so you need to compute 4 multiplications to get a 64-bit result, as well as add everything together. That's the main reason why Cortex-M0(+) is so much slower.

You should be able to use https://munacl.cryptojedi.org/curve25519-cortexm0.shtml on Cortex-M0+ to get decent performance (3.6 Mcycles per operation). I'm working on a slightly optimized version, mainly focusing on reducing the size of the code since the multiplication loop there is too much unrolled, but also use more assembly code to squeeze out more performance. It's similar to https://github.com/Emill/P256-cortex-ecdh/blob/master/P256-cortex-m0-ecdh-keil.s. Please tell me if you think I should polish it and put it up.

[martin31821]

Thanks for the explanation. I also found the curve25519 implementation you linked during my research and I'll test it on my device.
Your code looks awsome, even though I'm not very experienced with arm assembler, so if you are already on it and it isn't much extra work, I'd really like to see the optimized version.

[xavieryin]

I'm working on a slightly optimized version, mainly focusing on reducing the size of the code since the multiplication loop there is too much unrolled, but also use more assembly code to squeeze out more performance. It's similar to https://github.com/Emill/P256-cortex-ecdh/blob/master/P256-cortex-m0-ecdh-keil.s. Please tell me if you think I should polish it and put it up.

Thank you @Emill for sharing all these fine work. I'm just to replying here, as another happy M4 version user, to express my intrest to your M0(+) version. Is it already avaliable somewhere?