It seems like Karatsuba isn't especially worthwhile for Montgomery
multiplication at any cryptographically relevant modulus size. It's
certainly a lose with the new SSE2 multipliers.
/* #define MPMONT_DISABLE */
+#define MPMONT_KTHRESH (16*MPK_THRESH)
+
/*----- Low-level implementation ------------------------------------------*/
#ifndef MPMONT_DISABLE
/* --- Check for serious Karatsuba reduction --- */
- if (n > MPK_THRESH * 3) {
+ if (n > MPMONT_KTHRESH) {
mp al;
mpw *vl;
mp *u;
{
size_t n = mm->n;
- if (n > MPK_THRESH * 3) {
+ if (n > MPMONT_KTHRESH) {
d = mp_mul(d, a, b);
d = mpmont_reduce(mm, d, d);
} else {
* algorithms will fail).
*/
-#define MPK_THRESH 16
+#define MPK_THRESH 32
/* --- @mpx_kmul@ --- *
*