From 4875e3cee488d85cc6976e4ddbbbcaa9a5acbedd Mon Sep 17 00:00:00 2001
From: Loup Vaillant <loup@loup-vaillant.fr>
Date: Tue, 24 Mar 2020 13:34:29 +0100
Subject: [PATCH] Added dangerous X25519 speed benchmarks

---
 src/monocypher.c    |  8 ++++++--
 tests/speed/speed.c | 20 ++++++++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/src/monocypher.c b/src/monocypher.c
index 8a9c792..c52d625 100644
--- a/src/monocypher.c
+++ b/src/monocypher.c
@@ -2296,6 +2296,9 @@ static void add_xl(u8 s[32], u8 x)
 }
 
 // "Small" dangerous ephemeral key.
+// Use if you need to shrink the size of the binary, and can tolerate a
+// slowdow by a factor of two (compared to the fast version)
+//
 // This version works by decoupling the cofactor from the main factor.
 //
 // - The trimmed scalar determines the main factor
@@ -2336,11 +2339,12 @@ void crypto_x25519_dangerous_small(u8 public_key[32], const u8 secret_key[32])
 }
 
 // "Fast" dangerous ephemeral key
+// We use this one by default.
 //
 // This version works by performing a regular scalar multiplication,
 // then add a low order point.  The scalar multiplication is done in
-// Edwards space for more speed.  The cost is a bigger binary programs
-// that don't also sign messages.
+// Edwards space for more speed (*2 compared to the "small" version).
+// The cost is a bigger binary programs that don't also sign messages.
 void crypto_x25519_dangerous_fast(u8 public_key[32], const u8 secret_key[32])
 {
     static const fe lop_x = {
diff --git a/tests/speed/speed.c b/tests/speed/speed.c
index a626efd..258c37c 100644
--- a/tests/speed/speed.c
+++ b/tests/speed/speed.c
@@ -184,6 +184,24 @@ static u64 x25519_inverse(void)
     TIMING_END;
 }
 
+static u64 x25519_sp_fast(void)
+{
+    RANDOM_INPUT(sk, 32);
+    TIMING_START {
+        crypto_x25519_dangerous_fast(sk, sk);
+    }
+    TIMING_END;
+}
+
+static u64 x25519_sp_small(void)
+{
+    RANDOM_INPUT(sk, 32);
+    TIMING_START {
+        crypto_x25519_dangerous_small(sk, sk);
+    }
+    TIMING_END;
+}
+
 int main()
 {
     print("Chacha20            ",chacha20()     *MUL ,"megabytes  per second");
@@ -196,6 +214,8 @@ int main()
     print("EdDSA(sign)         ",edDSA_sign()        ,"signatures per second");
     print("EdDSA(check)        ",edDSA_check()       ,"checks     per second");
     print("x25519 inverse      ",x25519_inverse()    ,"scalar inv per second");
+    print("x25519 special fast ",x25519_sp_fast()    ,"scalar inv per second");
+    print("x25519 special small",x25519_sp_small()    ,"scalar inv per second");
     printf("\n");
     return 0;
 }
-- 
2.47.3