From d6b9dc043945e8b65ebcd84bfa2668e93041f598 Mon Sep 17 00:00:00 2001
From: Mark Wooding <mdw@distorted.org.uk>
Date: Mon, 3 Oct 2016 00:27:11 +0100
Subject: [PATCH] math/mpx.h, math/mpmont.c: Retune the Karatsuba thresholds.

It seems like Karatsuba isn't especially worthwhile for Montgomery
multiplication at any cryptographically relevant modulus size.  It's
certainly a lose with the new SSE2 multipliers.
---
 math/mpmont.c | 6 ++++--
 math/mpx.h    | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/math/mpmont.c b/math/mpmont.c
index 968766d3..774e8523 100644
--- a/math/mpmont.c
+++ b/math/mpmont.c
@@ -42,6 +42,8 @@
 
 /* #define MPMONT_DISABLE */
 
+#define MPMONT_KTHRESH (16*MPK_THRESH)
+
 /*----- Low-level implementation ------------------------------------------*/
 
 #ifndef MPMONT_DISABLE
@@ -333,7 +335,7 @@ mp *mpmont_reduce(mpmont *mm, mp *d, mp *a)
 
   /* --- Check for serious Karatsuba reduction --- */
 
-  if (n > MPK_THRESH * 3) {
+  if (n > MPMONT_KTHRESH) {
     mp al;
     mpw *vl;
     mp *u;
@@ -391,7 +393,7 @@ mp *mpmont_mul(mpmont *mm, mp *d, mp *a, mp *b)
 {
   size_t n = mm->n;
 
-  if (n > MPK_THRESH * 3) {
+  if (n > MPMONT_KTHRESH) {
     d = mp_mul(d, a, b);
     d = mpmont_reduce(mm, d, d);
   } else {
diff --git a/math/mpx.h b/math/mpx.h
index 4d6288ed..451216f2 100644
--- a/math/mpx.h
+++ b/math/mpx.h
@@ -731,7 +731,7 @@ extern mpw mpx_udivn(mpw */*qv*/, mpw */*qvl*/,
  * algorithms will fail).
  */
 
-#define MPK_THRESH 16
+#define MPK_THRESH 32
 
 /* --- @mpx_kmul@ --- *
  *
-- 
2.11.0