[Libre-soc-bugs] [Bug 770] Discussion and Finalisation of Which Cryptographic Primitives to Implement
bugzilla-daemon at libre-soc.org
Sat Oct 15 11:03:04 BST 2022
https://bugs.libre-soc.org/show_bug.cgi?id=770
--- Comment #6 from Luke Kenneth Casson Leighton <lkcl at lkcl.net> ---
(In reply to Jacob Lifshay from comment #5)
> imho we should implement chacha20-poly1305 -- a very commonly used AEAD,
> used by Wireguard and ssh and tls and more. imho we should implement the
> wireguard variant.
it's so simple that there's no point.
> the remainder op can be done using shifting and add and sub iirc,
the entire purpose of this Grant is to show *new* instructions and
vector concepts that are entirely general-purpose, and how they reduce
instruction count.
as these algorithms have been specifically designed using *already existing*
general-purpose instructions there is zero benefit to spending grant money
or time on them.
by total contrast the bigint ones are an astonishing resounding success,
the emergence of sv.adde as a vector-vector add, the 64-bit carry on
divmod2deu and madded? so simple and effective.
serpent (or twofish? the one with the Feistel Network) again by contrast
uses an add-with-shift (a + b<<1) which was intended to be added for
general-purpose address computations. turns out it saves one instruction.
looking for things like that is what this grant is about.
there are none - at all - in chacha - that I can see. exactly as you found,
it is all about rotate, add, subtract.
btw general-purpose is incredibly important, to avoid classification under
most Govts' "Weapons Export" Laws.
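To make the instruction-mix point concrete, here is an added example (not code from the bug, the poster, or the libre-soc project): the RFC 8439 ChaCha20 quarter round and block function, wrapped so that every 32-bit add, XOR and rotate-left is tallied. The `Counted` helper and the function names are assumptions introduced for this illustration; the quarter round is checked against the RFC's section 2.1.1 vector, and the block call uses the RFC's sample key, nonce and counter as constructed inputs. The tally shows that one quarter round is exactly 4 adds, 4 XORs and 4 rotates, and a full 64-byte block is 80 quarter rounds plus the 16-word feed-forward add, i.e. 976 primitive ops with nothing beyond add, xor and rotate in it.

```python
"""ChaCha20 (RFC 8439) quarter round and block function, instrumented to count
the 32-bit primitive ops. Added example; not libre-soc project code. The Counted
wrapper is a hypothetical tally helper, not a real library."""
import struct
from collections import Counter

MASK32 = 0xFFFFFFFF


class Counted:
    """Tally of 32-bit add, xor and rotate-left operations (assumed helper)."""

    def __init__(self):
        self.ops = Counter()

    def add(self, x, y):
        self.ops["add"] += 1
        return (x + y) & MASK32

    def xor(self, x, y):
        self.ops["xor"] += 1
        return x ^ y

    def rotl(self, x, n):
        self.ops["rotl"] += 1
        return ((x << n) | (x >> (32 - n))) & MASK32


def quarter_round(st, a, b, c, d, ops):
    """RFC 8439 section 2.1 quarter round on state words a, b, c, d, in place."""
    st[a] = ops.add(st[a], st[b]); st[d] = ops.rotl(ops.xor(st[d], st[a]), 16)
    st[c] = ops.add(st[c], st[d]); st[b] = ops.rotl(ops.xor(st[b], st[c]), 12)
    st[a] = ops.add(st[a], st[b]); st[d] = ops.rotl(ops.xor(st[d], st[a]), 8)
    st[c] = ops.add(st[c], st[d]); st[b] = ops.rotl(ops.xor(st[b], st[c]), 7)


def rfc8439_quarter_round_vector():
    """Section 2.1.1 test vector: returns ((a, b, c, d), op tally) after one quarter round."""
    ops = Counted()
    st = [0x11111111, 0x01020304, 0x9B8D6F43, 0x01234567]
    quarter_round(st, 0, 1, 2, 3, ops)
    return tuple(st), dict(ops.ops)


def chacha20_block(key: bytes, counter: int, nonce: bytes):
    """Section 2.3 block function: returns the 64-byte keystream block and the op tally."""
    if len(key) != 32 or len(nonce) != 12:
        raise ValueError("ChaCha20 needs a 32-byte key and a 12-byte nonce")
    ops = Counted()
    state = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]  # "expand 32-byte k"
    state += list(struct.unpack("<8I", key))
    state += [counter & MASK32] + list(struct.unpack("<3I", nonce))
    work = state[:]
    for _ in range(10):  # 10 double rounds = 20 rounds
        quarter_round(work, 0, 4, 8, 12, ops)   # column rounds
        quarter_round(work, 1, 5, 9, 13, ops)
        quarter_round(work, 2, 6, 10, 14, ops)
        quarter_round(work, 3, 7, 11, 15, ops)
        quarter_round(work, 0, 5, 10, 15, ops)  # diagonal rounds
        quarter_round(work, 1, 6, 11, 12, ops)
        quarter_round(work, 2, 7, 8, 13, ops)
        quarter_round(work, 3, 4, 9, 14, ops)
    out = [ops.add(w, s) for w, s in zip(work, state)]  # feed-forward add of the initial state
    return struct.pack("<16I", *out), dict(ops.ops)


if __name__ == "__main__":
    words, tally = rfc8439_quarter_round_vector()
    print("quarter round:", [hex(w) for w in words], tally)
    # constructed inputs: the RFC's sample key (00..1f), nonce and block counter 1
    block, tally = chacha20_block(bytes(range(32)), 1, bytes.fromhex("000000090000004a00000000"))
    print("block op mix:", tally, "total", sum(tally.values()))
```

The tally is the baseline an instruction-count argument has to beat: with a native rotate the whole block is 976 scalar ops, and every one of them already exists as a general-purpose add, xor or rotate, which is why a new instruction has nothing to remove here.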