0.000000 initialization    0.003892 computing rP    0.002539 first part of map_to_point    0.021641 make_order_q    0.013345 miller    0.005965 Tate power    0.002803 gid^r    elapsed time: 0.050865    dec time: 0.047570    [ibe-0.20.tgz]Tue Feb  5 14:13:55 PST 2002    Cleaned up code: renamed weil.c to curve.c, removed some functions. Old    stuff still in messyweil.cFri Feb  1 13:38:12 PST 2002    Added wrapper functions for the preprocessing. With preprocessing,    Miller takes about 13ms, faster than Tate power.    Library is really messy now. Cleanup urgently needed.    Implemented Paulo's Tate power speedup.    benchmarks:    0.000000 initialization    0.011810 computing rP    0.002505 first part of map_to_point    0.021769 make_order_q    0.034027 miller    0.005943 Tate power    0.002843 gid^r    elapsed time: 0.079081    dec time: 0.052273    (nonprepro. times shown)    Fixed a memory leak in point_mul.    Added point_mul with preprocessing. Halved its running time.    Can speed up further but will wait until something else has been improved.    benchmarks:    0.000000 initialization    0.003964 computing rP    0.002503 first part of map_to_point    0.022384 make_order_q    0.033489 miller    0.005958 Tate power    0.002757 gid^r    elapsed time: 0.071254    dec time: 0.043824    With prepro, main time-waster is make_order_q, followed by miller():Fri Feb  1 02:22:56 PST 2002    Paulo was right: it appears R1, R2 are unnecessary. Switched to f_P(Q),    where (f_P) = n(P) - n(O).    Also, at the end of miller(), you know Z = O, so the last    computations are specialized (g_1 will be a vertical line, g_2 = 1),    and cP is unnecessary.    Added preprocessing to miller.Thu Jan 31 14:43:33 PST 2002    imratio is more accurate now => can tweak fp2_mul/sqr intelligently    F_p^2 operations    5000 2R = 0.903701    5000 M = 0.105984    5000 S = 0.079674    5000 I = 0.501329    I/M = 4.730233    F_p operations    5000 2R = 0.445734    5000 M = 0.015692    5000 I = 0.360830    I/M = 22.994520    benchmarks:    0.000000 initialization    0.013884 computing rP    0.002529 first part of map_to_point    0.022575 make_order_q    0.033527 miller    0.014245 Tate power    0.002888 gid^r    elapsed time: 0.089950    dec time: 0.061137Tue Jan 29 09:36:11 PST 2002    Added #ifdef BENCHMARK's.    Decided to inline fp2_sqr in fp2_pow after all.Sun Jan 27 14:08:58 PST 2002    Added -fomit-frame-point, -ffast-math, -funroll-loops to CFLAGS in Makefile.    Makes a minor difference.    Replaced some code with mpz_scan1.    Can inline fp2_sqr in fp2_pow() to get a few ms, but code becomes less    clear.    Rewrote fp2.c so intpower2 is unnecessary.Sun Jan 27 00:38:35 PST 2002    Using gcc-3.0 (prerelease I guess) now.    Benchmark.c now uses gettimeofday(), as other methods have poor    resolution. Running times are now wall-clock times.    Rewrote so that there are projective coords in miller(). Should have    seen this a long time ago.    Shaves another 10ms off.    Calling mpz functions instead of fp2's: 5ms off:    benchmarks:    0.000000 initialization    0.010500 computing rP    0.003288 first part of map_to_point    0.022337 make_order_q    0.037955 miller    0.027258 Tate power    0.004964 gid^r    elapsed time: 0.106770    dec time: 0.076185    Stupid fix: I wasn't using fp2_sqr in fp2_pow.    Just for the record: sometimes encryption takes less than 100ms. I've    finally broken the 0.1s barrier!    benchmarks:    0.000000 initialization    0.010612 computing rP    0.002494 first part of map_to_point    0.022326 make_order_q    0.038068 miller    0.021602 Tate power    0.004031 gid^r    elapsed time: 0.099605    Also changing slidingwindowsize to 5 seems to improve tatepower().    Removed an int s[m+1] (for VC++ compatibility).Thu Jan 24 16:06:35 PST 2002    Fixed IBE_get_shared_secret().    [ibe-0.19.tgz]Tue Jan 22 19:11:11 PST 2002    get_*() functions aren't correct w.r.t evaluating at O. Lines have    poles at infinity, so what I was doing didn't make sense.Sat Jan 19 20:46:55 PST 2002    Using GMP 4 gives another 10ms:    0.000000 initialization    0.010000 computing rP    0.000000 first part of map_to_point    0.020000 make_order_q    0.050000 miller    0.030000 Tate power    0.010000 gid^r    elapsed time: 0.130000    Removed unnecesary terms in miller():    elapsed time: 0.120000Fri Jan 18 15:51:58 PST 2002    [ibe-0.18.tgz]    Subgroup size now a Solinas prime. Rewrote miller() to take advantage of    this (old one is still there; the library automatically selects the right    one to use). Didn't speed it up by that much (about 30ms).    Example run (512-bit):    0.000000 initialization    0.010000 computing rP    0.010000 first part of map_to_point    0.020000 make_order_q    0.060000 miller    0.030000 Tate power    0.010000 gid^r    elapsed time: 0.140000Wed Jan 16 16:31:04 PST 2002    Finally found the bug: zeta is supposed to be a cube root of unity, and    I was using (-1/2 + -1/2 * sqrt(-3)), but since I was extending Z_p by    sqrt(-3) I took a shortcut and used (-1/2, -1/2). Now I have to explicitly    solve it to find zeta. (i.e. since I'm using sqrt(-1) now I have to    find sqrt(3) = 3^((p+1)/4)    Fixed this bug, also created a fp2_set_cbrt_unity function to make the    bug easier to find in the future. It belongs there in any case.    Removed nqr from fp2.c. Should be slightly faster.Wed Nov 21 19:57:58 PST 2001    Something's wrong: it doesn't like nqr != 3 for some reason.Tue Nov 20 21:00:59 PST 2001    After looking at competitor code, I decided to remove some generality    from my code to make it faster: make sure p = 11 mod 12 so I can use    -1 as non quad. residue. (Cuts 3 multiplications to 1 in some cases    because I can use difference of two squares trick.)Tue Nov 20 17:56:24 PST 2001    Added authenticated_encrypt, authenticated_decrypt.    Almost the same as the normal routines but it requires sender ID    and sender private key xQ, and we use    V = H(r,s) XOR sigma, where s = e(xQ, Q') (Q' is receiver's public key).    Minor bugfix: md_value wasn't being allocated/freed correctly (i.e.    outside the loop).Wed Nov  7 14:48:23 PST 2001    Minor change in pkghtml.c: use popen instead of tmpfile + dup hack.    Will change infect later.Mon Oct 22 20:40:48 PDT 2001    Website broken, hacked infect and pkghtml so they work on Dan's browser    (IE 6).    ...    Is it faster to exponentiate by r before feeding into miller? Must look    into this.Thu Oct 18 17:58:53 PDT 2001    Put in some fixes due to Guido Appenzeller.Fri Oct  5 13:15:14 PDT 2001    Can't get it to work, despite ripping code from mttest.c    At least I now understand why Bob couldn't get PEM_write to work;    according to the FAQ, you have to link with threaded VC++ library.    Given up on trying to make threaded server, gone back to traditional    fork model.    BTW, I've fixed a few of the problems mentioned above; cbrtpwr no longer    needed in ibe_lib.c, use SSL's random functions so all random functions    are cryptographically strong.    [ibe-0.17.tgz]Thu Oct  4 22:30:32 PDT 2001    Finally fixed salts.    ...    pkghtml improved greatly (good thing I read part of UNP1). Uses threads,     parsing is less of a hack. TODO: take out common code from    pkghtml and infect. Unfortunately, it crashes randomly because I haven't    provided OpenSSL with the locking callback.Thu Oct  4 18:30:03 PDT 2001    Minor changes, code ought to be cleaner now. infect works.Thu Oct  4 14:30:49 PDT 2001    I agree with Rishi and Matt, S/MIME is too cumbersome. I'm going to    switch to PGP style.Wed Oct  3 13:44:06 PDT 2001    share format changed slightly, I prepended a byte that holds the    server number.    ...    extract_share and construct work. Main thing left is pkghtml.cc.Tue Oct  2 20:51:48 PDT 2001    Finally got command-line interface to encrypt/decrypt working.    Rename apply_Phi?Mon Oct  1 19:07:41 PDT 2001    Finished with most of ibe_lib.c. ibe_test.c runs correctly now.    (There was a very minor bugfix too: gen would make p too big by a few    bits since I forgot to take the factor of 6 into account.)    Calls to IBE_*() will automatically initialize any byte_string's,    whilst other ones won't unless otherwise specified.    P is not picked with a cryptographically strong random function.    A few more globals need to be localized in ibe_lib.c (OpenSSL stuff,    md_ctx for example.) Need to figure out how to lock miller_randomized_flag.    Use Ppub and robustP's as "random" points in miller()?    Changed params format (again!). The other guys wanted some sort of    serialization thing (so that params could be easily moved around in    memory).    TODO: move byte_string_t defn. so format.h doesn't need to include    ibe.hMon Oct  1 02:00:40 PDT 2001    Started rewriting ibe_lib finally. Some code overlaps with weil.cc,    not sure how to resolve. e.g. cbrtpwrSat Sep 29 19:42:20 PDT 2001    More code converted, group_plus (now called point_add), miller, the    pairings. Only group_times left to go.    ...    group_times converted, now for ibe_lib.cc.    I'm worried running times will be impaired because	1) allocation of temp. variables (can fix by OpenSSL's trick)	2) no dedicated multiplication modulo p    ...    weil_test.cc works.    TODO's: seed GMP's randstate, handle special cases in proj_double    and proj_mix_in, and also zzp_point*Wed Sep 26 22:58:13 PDT 2001    To convert, I write each function in parallel to the NTL code, and    call and compare to check. I'm adding comments to functions as I go,    so weil.c ought to be easier to understand when I'm done.Tue Sep 25 13:23:17 PDT 2001    I have begun the long painful conversion to C.Fri Sep 21 23:27:37 PDT 2001    Did some research into Unix mail clients and MIME. Looks difficult to    build plugins for other programs. The best I can do is ask the    user to filter mail before/after sending through the ibe program    for now.