Message-ID: <20140626025312.GA20959@openwall.com>
Date: Thu, 26 Jun 2014 06:53:12 +0400
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Re: TwoCats multiplication chain
On Tue, Jun 24, 2014 at 11:03:48PM -0700, Alex Elsayed wrote:
> Solar Designer wrote:
>
> > So while it could be a good idea in terms of bits mixing, I think it is
> > not good enough to implement with individual instructions (until a CPU
> > gets a single instruction like this, with same latency as MUL alone).
>
> I wonder if it'd be feasible to piggyback on the push for GCM and use CLMUL
> and its (prospective?) siblings on other architectures.
I thought of that, but for a different purpose: to buy some unfriendliness
to CPU/GPU architectures that don't yet have CLMUL (especially GPUs).
I think AES-NI and PSHUFB/VPPERM might be better for that purpose,
although we could add CLMUL to the mix too. %-)

As to ASICs, I agree with Thomas about CLMUL.

For yescrypt, I felt that it's preferable to be friendly to those CPUs
that don't have CLMUL yet, and to have greater ASIC resistance. Hence
no CLMUL there.

Alexander
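A portable illustration of the CLMUL (carry-less multiply) operation that the message above weighs as a mixing primitive, added here as an example; it is not code from this thread, from yescrypt or from TwoCats. It computes the 128-bit GF(2)[x] product that a carry-less multiply instruction returns for one pair of 64-bit operands, written branch-free in plain C (the names clmul64, imul_lo, clmul128 and the sample operands are this example's own), and contrasts it with the ordinary integer multiply discussed elsewhere in the thread. The software loop is what a CPU without the instruction would have to execute, which is the cost the message is trading off.

```c
#include <stdint.h>
#include <stdio.h>

/* 128-bit carry-less product, returned as hi:lo (example's own type). */
typedef struct { uint64_t lo, hi; } clmul128;

/*
 * Carry-less multiply of two 64-bit operands, i.e. multiplication of
 * polynomials over GF(2): partial products are combined with XOR
 * instead of addition, so no carries propagate between bit positions.
 * This is the operation a CLMUL-style instruction performs in hardware;
 * here it is a 64-iteration software fallback.
 *
 * Written branch-free: the mask is all-ones when bit i of b is set and
 * zero otherwise, so timing does not depend on the operand values,
 * which matters when the operands are derived from a password.
 */
clmul128 clmul64(uint64_t a, uint64_t b) {
    clmul128 r = {0, 0};
    for (int i = 0; i < 64; i++) {
        uint64_t mask = 0 - ((b >> i) & 1);
        r.lo ^= (a << i) & mask;
        /* (a >> 1) >> (63 - i) equals a >> (64 - i) for i > 0 and 0 for
         * i == 0, avoiding an undefined shift by 64. */
        r.hi ^= ((a >> 1) >> (63 - i)) & mask;
    }
    return r;
}

/* Low 64 bits of the ordinary integer product, for comparison. */
uint64_t imul_lo(uint64_t a, uint64_t b) {
    return a * b;
}

/*
 * Carry-less multiply is linear over XOR in each operand:
 * clmul(a, b ^ c) == clmul(a, b) ^ clmul(a, c).  Integer multiply is
 * not, which is one reason the two mix bits so differently.
 * Returns 1 if the identity holds for the given operands.
 */
int clmul_linear_over_xor(uint64_t a, uint64_t b, uint64_t c) {
    clmul128 lhs = clmul64(a, b ^ c);
    clmul128 p = clmul64(a, b), q = clmul64(a, c);
    return lhs.lo == (p.lo ^ q.lo) && lhs.hi == (p.hi ^ q.hi);
}

int main(void) {
    /* Constructed sample operands for the demonstration. */
    uint64_t a = 0x3, b = 0x3;
    clmul128 r = clmul64(a, b);
    /* (x + 1)^2 over GF(2) is x^2 + 1 = 0x5, whereas 3 * 3 = 9. */
    printf("clmul(3,3) = 0x%016llx%016llx, imul_lo(3,3) = %llu\n",
           (unsigned long long)r.hi, (unsigned long long)r.lo,
           (unsigned long long)imul_lo(a, b));
    printf("linear over XOR: %d\n",
           clmul_linear_over_xor(0x9e3779b97f4a7c15ULL, 0xdeadbeefULL, 0xcafebabeULL));
    return 0;
}
```

Squaring in GF(2)[x] simply spreads each input bit to an even position (0xFF squared is 0x5555), which is a concrete instance of the "bits mixing" property the thread compares against integer MUL.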