[Libre-soc-bugs] [Bug 770] Discussion and Finalisation of Which Cryptographic Primitives to Implement

bugzilla-daemon at libre-soc.org
Sat Oct 15 11:03:04 BST 2022


--- Comment #6 from Luke Kenneth Casson Leighton <lkcl at lkcl.net> ---
(In reply to Jacob Lifshay from comment #5)
> imho we should implement chacha20-poly1305 -- a very commonly used AEAD,
> used by Wireguard and ssh and tls and more. imho we should implement the
> wireguard variant.

it's so simple that there's no point.

> the remainder op can be done using shifting and add and sub iirc,

the entire purpose of this Grant is to show *new* instructions and
vector concepts that are entirely general-purpose, how they reduce
instruction count.

as these algorithms have been specifically designed using *already existing*
general-purpose instructions there is zero benefit to spending grant money
or time on them.

by total contrast the bigint ones are an astonishing resounding success,
the emergence of sv.adde as a vector-vector add, the 64-bit carry on
divmod2deu and madded? so simple and effective.

serpent (or twofish? the one with the Feistel Network) again by contrast
uses an add-with-shift (a + b<<1) which was intended to be added for
general-purpose address computations. turns out it saves one instruction.

looking for things like that is what this grant is about.

there are none - at all - in chacha - that i can see. exactly as you found,
it is all about rotate, add, subtract.

btw general-purpose is incredibly important, to avoid classification under
most Govts' "Weapons Export" Laws.
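
To make the point about ChaCha concrete, here is an added reference implementation of the RFC 8439 ChaCha20 block function in plain C (added here for illustration; it is not code from the bug thread or from the Libre-SOC project). Every operation in the quarter round is a 32-bit add, xor or rotate on general-purpose registers, which is why it gives no scope for new instructions; the self-test uses the quarter-round test vector from RFC 8439 section 2.1.1.

```c
#include <stdint.h>
#include <string.h>
#define ROTL32(x, n) (((x) << (n)) | ((x) >> (32 - (n))))

/* One ChaCha quarter round: only 32-bit add, xor and rotate. */
static void quarter_round(uint32_t s[16], int a, int b, int c, int d)
{
    s[a] += s[b]; s[d] ^= s[a]; s[d] = ROTL32(s[d], 16);
    s[c] += s[d]; s[b] ^= s[c]; s[b] = ROTL32(s[b], 12);
    s[a] += s[b]; s[d] ^= s[a]; s[d] = ROTL32(s[d], 8);
    s[c] += s[d]; s[b] ^= s[c]; s[b] = ROTL32(s[b], 7);
}

/* Little-endian 32-bit load, as RFC 8439 specifies for key and nonce. */
static uint32_t load32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* RFC 8439 ChaCha20 block function: 10 double rounds over the 4x4
   word state, then a feed-forward add of the initial state. */
void chacha20_block(const uint8_t key[32], uint32_t counter,
                    const uint8_t nonce[12], uint32_t out[16])
{
    uint32_t s[16]; int i;
    s[0] = 0x61707865; s[1] = 0x3320646e;   /* "expand 32-byte k" */
    s[2] = 0x79622d32; s[3] = 0x6b206574;
    for (i = 0; i < 8; i++) s[4 + i] = load32(key + 4 * i);
    s[12] = counter;
    for (i = 0; i < 3; i++) s[13 + i] = load32(nonce + 4 * i);
    memcpy(out, s, sizeof s);               /* keep initial state */
    for (i = 0; i < 10; i++) {
        quarter_round(s, 0, 4,  8, 12);     /* column round */
        quarter_round(s, 1, 5,  9, 13);
        quarter_round(s, 2, 6, 10, 14);
        quarter_round(s, 3, 7, 11, 15);
        quarter_round(s, 0, 5, 10, 15);     /* diagonal round */
        quarter_round(s, 1, 6, 11, 12);
        quarter_round(s, 2, 7,  8, 13);
        quarter_round(s, 3, 4,  9, 14);
    }
    for (i = 0; i < 16; i++) out[i] += s[i];
}

/* Quarter-round check against the RFC 8439 section 2.1.1 test vector. */
int quarter_round_selftest(void)
{
    uint32_t s[16] = {0x11111111, 0x01020304, 0x9b8d6f43, 0x01234567};
    quarter_round(s, 0, 1, 2, 3);
    return s[0] == 0xea2a92f4 && s[1] == 0xcb1cf8ce &&
           s[2] == 0x4581472e && s[3] == 0x5881c4bb;
}
```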
