math/mpx.h, math/mpmont.c: Retune the Karatsuba thresholds.

It seems like Karatsuba isn't especially worthwhile for Montgomery
multiplication at any cryptographically relevant modulus size.  It's
certainly a lose with the new SSE2 multipliers.

diff --git a/math/mpmont.c b/math/mpmont.c
index 968766d..774e852 100644 (file)
--- a/math/mpmont.c
+++ b/math/mpmont.c
@@ -42,6 +42,8 @@
 
 /* #define MPMONT_DISABLE */
 
+#define MPMONT_KTHRESH (16*MPK_THRESH)
+
 /*----- Low-level implementation ------------------------------------------*/
 
 #ifndef MPMONT_DISABLE
@@ -333,7 +335,7 @@ mp *mpmont_reduce(mpmont *mm, mp *d, mp *a)
 
   /* --- Check for serious Karatsuba reduction --- */
 
-  if (n > MPK_THRESH * 3) {
+  if (n > MPMONT_KTHRESH) {
     mp al;
     mpw *vl;
     mp *u;
@@ -391,7 +393,7 @@ mp *mpmont_mul(mpmont *mm, mp *d, mp *a, mp *b)
 {
   size_t n = mm->n;
 
-  if (n > MPK_THRESH * 3) {
+  if (n > MPMONT_KTHRESH) {
     d = mp_mul(d, a, b);
     d = mpmont_reduce(mm, d, d);
   } else {

diff --git a/math/mpx.h b/math/mpx.h
index 4d6288e..451216f 100644 (file)
--- a/math/mpx.h
+++ b/math/mpx.h
@@ -731,7 +731,7 @@ extern mpw mpx_udivn(mpw */*qv*/, mpw */*qvl*/,
  * algorithms will fail).
  */
 
-#define MPK_THRESH 16
+#define MPK_THRESH 32
 
 /* --- @mpx_kmul@ --- *
  *