[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <000e01da4772$2b2c5360$8184fa20$@nsr.re.kr>
Date: Mon, 15 Jan 2024 14:17:43 +0900
From: Dongsoo Lee <letrhee@....re.kr>
To: 'David Laight' <David.Laight@...LAB.COM>,
'Herbert Xu' <herbert@...dor.apana.org.au>,
"'David S. Miller'" <davem@...emloft.net>,
'Jens Axboe' <axboe@...nel.dk>, 'Eric Biggers' <ebiggers@...nel.org>,
"'Theodore Y. Ts'o'" <tytso@....edu>,
'Jaegeuk Kim' <jaegeuk@...nel.org>,
'Thomas Gleixner' <tglx@...utronix.de>,
'Ingo Molnar' <mingo@...hat.com>, 'Borislav Petkov' <bp@...en8.de>,
'Dave Hansen' <dave.hansen@...ux.intel.com>, x86@...nel.org,
"'H. Peter Anvin'" <hpa@...or.com>
Cc: linux-crypto@...r.kernel.org, linux-block@...r.kernel.org,
linux-fscrypt@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: RE: [PATCH v6 RESEND 5/5] crypto: LEA block cipher x86_64 optimization
On Fri, 12 Jan 2024 12:59:56 +0000, David Laight <David.Laight@...LAB.COM> wrote:
> From: Dongsoo Lee
>> Sent: 12 January 2024 02:29
>>
>> For the x86_64 environment, we use AVX-512F/AVX2/SSE2 instructions.
>> Since LEA uses 128-bit blocks of four 32-bit integers, for optimization,
>> SSE2 encrypts 4 blocks, AVX2 encrypts 4/8 blocks, and AVX-512F encrypts
>> 4/8/16 blocks at a time.
>>
>> Our submission provides a optimized implementation of ECB, CBC
>> decryption, CTR, and XTS cipher operation modes on x86_64 CPUs
>> supporting.
>
> Given you say in 0/0:
>
> The LEA algorithm is a lightweight block cipher that processes data blocks of 128-bits and has three different key lengths, each with a different number of rounds:
>
> Just how big is it ?
> Doesn't look 'lightweight' to me.
>
> David
>
> -
> Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
> Registration No: 1397386 (Wales)
>
Firstly, it's worth mentioning that LEA is an encryption algorithm designed to ensure 128-bit security.
The LEA cipher provides a balance between code size and required memory, allowing for trade-offs with performance. The implementation of LEA that we have submitted is oriented towards achieving optimal performance.
While it's difficult to compare to the most recent implementations of cryptographic algorithms because the test is out of date, you can see the results of a previous FELICS test [1] that implemented LEA for a smaller code size.
For example, a detailed example of skipping the key schedule to reduce memory usage and minimize code size can be found in [2].
Thank you for your interest.
Dongsoo Lee
[1] https://www.cryptolux.org/index.php/FELICS#Results
[2] https://github.com/cryptolu/FELICS/blob/master/block_ciphers/source/ciphers/LEA_128_128_v03/source/encrypt.c
Powered by blists - more mailing lists