Could not get curve25519-dalek to use the SIMD backend when using x25519-dalek

[nullchinchilla]

I am on a modern processor (AMD Ryzen 5 3600XT), and I cannot seem to get curve25519-dalek to use the SIMD backend when I use x25519-dalek.

Here's a perf stacktrace from a piece of software I'm writing that uses x25519-dalek:

I've tried setting RUSTFLAGS='-C target-cpu=native', but that does not help. Setting RUST_FLAGS='--cfg=curve25519_dalek_backend="simd"' does not help, though setting the backend to fiat does slow things down, so I assume the flag is being passed correctly.

Is this behavior normal? When I run the tests in curve25519-dalek I do see AVX stuff popping up in a perf trace, though curiously mul_clamped still seems to only use the serial implementation.

Is there just no SIMD implementation usable for x25519?

[tarcieri]

Correct, X25519 uses the Montgomery Ladder, which has no SIMD implementation

[tarcieri]

As far as options there go, I'm aware of this implementation which uses the MULX instruction (not quite SIMD, but ILP at least), although I believe there are some issues using MULX from LLVM outside of asm! blocks since LLVM isn't aware of the relevant flags:

https://w3.lasca.ic.unicamp.br/media/publications/2642.pdf

[tarcieri]

Going to close this as "not planned" for now, however if there's interest in implementing the MULX-powered precomputed ladder paper, we could potentially open a separate issue for that (however, it's not technically "SIMD")