| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 08 Sep 2014 09:40:49 -0400 From: Bill Cox <waywardgeek@...hershed.org> To: discussions@...sword-hashing.net Subject: Re: [PHC] A review per day - Lyra2 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Based on Alexander's feedback, I now have two tweaks I feel are fairly important for Lyra2: - - Add unpredictable small reads in the inner loop of reducedDuplexRow - - Add multi-threading with data sharing of some sort between threads I looked more closely at the SSE implementation of the Blake2b reduced round. It does 4 adds and 4 XORs in series. This is doable in either 1 or 2 clocks at a full heavily pipelined ASIC speed. With unpredictable L1 cache reads, I would have to add another clock, increasing the delay by from somewhere between 50% to 100%. Since the reads and writes are all currently sequential within the block, they can be fully pipelined easily, meaning that all three inputs are available when needed directly from flip-flops, without any L1 cache latency at all. The multi-threading is needed to fill up the available external memory bandwidth, among other things. Doing 1 scalar multiply running in parallel with the Blake2b round might improve compute-time hardness. A 32x32->64 will likely take 3 clocks. With both enhancements, ASIC defense when not external bandwidth limited should increase from 1-2 clocks per inner loop to about 4 clocks, assuming we're running at heavily pipelined speeds like we do in my Ivy Bridge CPU. Bill -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUDbHdAAoJEAcQZQdOpZUZo6wP/jlGzTDcK+Iye2vBEr99q3ri 69zfqJDOPYerEaeRRlM3EJEhstviiFHdU6EQEHOGvtpYiya0PYFEJqJ9qbeXnSct b3/yDG3qcU6EZ5piQkn0vqpwWnI5MYmFqycDT6N0dTVSm+FTP+mTMxQD3Jd6+ew8 oy+oXmAPNnqsYkXkrRxDlFMBFnZ8/CvN1thN6fVyrpnxJkNbf/D42r3y4qJ8jT56 nSsZVmBTsBRwM7h7zpQhyBdMTFQFNpy66YphUf32cISyinPpDruJ6RS67BWFOX0S CJWeqz0qlGTZwBZoAlzuxXNiiIfiQ9kfkEKqyfq9WgQxo5ZrBdStp6aC/zlvH81x bJRiRC0FgPqyvpm0jDukhYlY/cGSUP4Z7hBt7mrBq/Xk5hpwhxyJi6DIBjubri8/ UNHuSnTrJbB8W4g2wI4AbH62IAEzuQDbyh9k90cFApFEttTw8CjvAZJXZWLFIkTW BRhxzQlubXF029CuBjRZdaEWpdY2JQqDwSfnigLRf4SUzYjeyn7jwUI7iVDfvsde EQ2K+LqOV+dx5ko5jCNKUDJv4/vmnQXYU2znxdmNBcZ0/ftP3QPwlqPwjYsYmRCW qDVA+h+d2U6/pVvM0o7myPkopaws+V97tw1/IjywYNNZg6Ndl5T2HKlYx/QxXVQK Wh9B0KMIZcdIXhkQs4u7 =33NH -----END PGP SIGNATURE-----
Powered by blists - more mailing lists