Date: Sun, 09 Feb 2014 03:16:32 +0000
From: Samuel Neves <sneves@....uc.pt>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] multiply-hardening (Re: NoelKDF ready for submission)

On 09-02-2014 02:52, Bill Cox wrote:
> However, this constant is 0x6C078965.  A simple way to compute it is
> just to add the 14 places that 1's occur.  There are 5 places where
> 1's occur together, so the same adder output can be reused in all 5
> places, and we've got 8 more additions to do.  Worst case, that's 9
> adders, where with Booth encoding for non-constant multiplication, it
> would be 16.  I'm running a fun little program I just wrote to find
> the optimal number but it may not finish before the PHC winner is
> chosen... I'm feeling to lazy to optimize it.  It's called
> "constmult", and I just checked it in under noelkdf.

This is a well-known variant of the addition-chain problem. SPIRAL [1]
generates the following code sequence, using 7 additions:

//
-----------------------------------------------------------------------------
// This code was generated by Spiral Multiplier Block Generator,
www.spiral.net
// Copyright (c) 2006, Carnegie Mellon University
// All rights reserved.
// The generated code is distributed under a BSD style license
// (see http://www.opensource.org/licenses/bsd-license.php)//
-----------------------------------------------
// Cost: 7 adds/subtracts 7 shifts 0 negations
// Input:
//   int t0
// Outputs:
//   int t1 = 1812433253 * t0
// -----------------------------------------------
t3 = shl(t0, 2);
t2 = add(t0, t3);
t5 = shl(t0, 5);
t4 = add(t2, t5);
t7 = shl(t4, 6);
t6 = add(t4, t7);
t9 = shl(t2, 26);
t8 = sub(t9, t6);
t11 = shl(t0, 4);
t10 = sub(t11, t0);
t13 = shl(t0, 16);
t12 = add(t10, t13);
t14 = shl(t12, 15);
t1 = sub(t14, t8);

[1] http://spiral.ece.cmu.edu/mcm/gen.html

Powered by blists - more mailing lists