[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <52D6A65A.6060600@dei.uc.pt>
Date: Wed, 15 Jan 2014 15:16:42 +0000
From: Samuel Neves <sneves@....uc.pt>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] A must read...
On 15-01-2014 14:54, Solar Designer wrote:
> Besides integer multiply, I was considering floating-point, along the
> lines of DJB's hash127 - or even taking hash127 as the crypto primitive:
>
> http://cr.yp.to/hash127.html
> http://cr.yp.to/antiforgery/hash127-20040918.pdf
>
> But it does feel somewhat risky, and the latency guarantee is probably
> similar to that of the integer multiply (not the latency per se, but
> how it compares between CPUs and attack-optimized ASICs). A possible
> advantage of the hash127 approach would be in using more of the die
> area, especially in defensive implementations on GPU and many-core archs
> (those many FPUs combined consume non-negligible die area).
While using floating-point by itself might be an actionable idea, I'd
advise not to use hash127. hash127 was designed during a time where even
32-bit integer multiplication was slow; now we have very fast 64-bit
integers multipliers, which make hash127 much faster to compute in
integer units.
Ideally whatever you compute using the floating-point unit should be
something that is hard to replicate with integer hardware.
Powered by blists - more mailing lists