| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140210025703.GA17198@openwall.com> Date: Mon, 10 Feb 2014 06:57:03 +0400 From: Solar Designer <solar@...nwall.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] multiply-hardening (Re: NoelKDF ready for submission) On Mon, Feb 10, 2014 at 06:46:46AM +0400, Solar Designer wrote: > PMULLW is 8 packed 16x16->16. I felt that if we go for 16x16, we > probably want to take the upper 16 bits of result (so PMULHW or PMULHUW > or PMULHRSW), not lower, although this does make the signedness matter. > > We'd need to compare ASIC circuit sizes for lower vs. upper 16 bits. Actually, mostly not sizes, but number of levels, as you've nicely illustrated by your examples of multiplying by a constant. Alexander
Powered by blists - more mailing lists