lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 15 Jan 2024 14:17:43 +0900
From: Dongsoo Lee <letrhee@....re.kr>
To: 'David Laight' <David.Laight@...LAB.COM>, 
	'Herbert Xu' <herbert@...dor.apana.org.au>, 
	"'David S. Miller'" <davem@...emloft.net>, 
	'Jens Axboe' <axboe@...nel.dk>, 'Eric Biggers' <ebiggers@...nel.org>, 
	"'Theodore Y. Ts'o'" <tytso@....edu>, 
	'Jaegeuk Kim' <jaegeuk@...nel.org>, 
	'Thomas Gleixner' <tglx@...utronix.de>, 
	'Ingo Molnar' <mingo@...hat.com>, 'Borislav Petkov' <bp@...en8.de>, 
	'Dave Hansen' <dave.hansen@...ux.intel.com>, x86@...nel.org, 
	"'H. Peter Anvin'" <hpa@...or.com>
Cc: linux-crypto@...r.kernel.org, linux-block@...r.kernel.org, 
	linux-fscrypt@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: RE: [PATCH v6 RESEND 5/5] crypto: LEA block cipher x86_64 optimization

On  Fri, 12 Jan 2024 12:59:56 +0000, David Laight <David.Laight@...LAB.COM> wrote:
> From: Dongsoo Lee
>> Sent: 12 January 2024 02:29
>>
>> For the x86_64 environment, we use AVX-512F/AVX2/SSE2 instructions.
>> Since LEA uses 128-bit blocks of four 32-bit integers, for optimization,
>> SSE2 encrypts 4 blocks, AVX2 encrypts 4/8 blocks, and AVX-512F encrypts
>> 4/8/16 blocks at a time.
>>
>> Our submission provides a optimized implementation of ECB, CBC
>> decryption, CTR, and XTS cipher operation modes on x86_64 CPUs
>> supporting.
> 
> Given you say in 0/0:
> 
> The LEA algorithm is a lightweight block cipher that processes data blocks of 128-bits and has three different key lengths, each with a different number of rounds:
> 
> Just how big is it ?
> Doesn't look 'lightweight' to me.
> 
> 	David
> 
> -
> Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
> Registration No: 1397386 (Wales)
> 

Firstly, it's worth mentioning that LEA is an encryption algorithm designed to ensure 128-bit security.

The LEA cipher provides a balance between code size and required memory, allowing for trade-offs with performance. The implementation of LEA that we have submitted is oriented towards achieving optimal performance.

While it's difficult to compare to the most recent implementations of cryptographic algorithms because the test is out of date, you can see the results of a previous FELICS test [1] that implemented LEA for a smaller code size.

For example, a detailed example of skipping the key schedule to reduce memory usage and minimize code size can be found in [2].

Thank you for your interest.

    Dongsoo Lee

[1] https://www.cryptolux.org/index.php/FELICS#Results
[2] https://github.com/cryptolu/FELICS/blob/master/block_ciphers/source/ciphers/LEA_128_128_v03/source/encrypt.c

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ