[Libre-soc-bugs] [Bug 770] Discussion and Finalisation of Which Cryptographic Primitives to Implement

bugzilla-daemon at libre-soc.org bugzilla-daemon at libre-soc.org
Sat Oct 15 11:54:31 BST 2022


https://bugs.libre-soc.org/show_bug.cgi?id=770

--- Comment #8 from Luke Kenneth Casson Leighton <lkcl at lkcl.net> ---
    d = ROL32(d, 16); \
    b = ROL32(b, 12); \
    d = ROL32(d, 8); \
    b = ROL32(b, 7); \

x = 0x100c0807 # magic constant
x = ROL32(x, 8) # in loop

couldn't be easier.  no need to even ANDi that because the other ROL32s
will cut off the top bits automatically.

also it is a lot fewer regs for REMAP Indices, because there are 8 QUARTER
rounds; that is one 64-bit reg in elwidth=8, times four, is *only*
QTY 4 of 64-bit regs.

ah, and there are not 4 separate applications a b c d, there is just
"the 16TH_ROUND part" i.e. they all meet this pattern:

    r0 += r1; \
    r2 ^= r0; \
    r2 = ROL32(r2, r3);

that's doable with 4 Indices! holy cow.  this entire thing will
collapse down to 5 instructions inside a loop: one sv.add, one sv.XOR,
one sv.ROL32, svstep, and bc in CTR mode.

that's almost obscene and laughable.

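The two ideas in comment #8, written out as a checkable example. This is added here and is not code from the bug thread or from the Libre-SOC code base; it is plain Python rather than SVP64 assembler, and the function and constant names (rol32, quarter_round_generic, STEP_INDICES, ROT_MAGIC and so on) are this example's own. It shows that every step of the ChaCha quarter round has the shape `r0 += r1; r2 ^= r0; r2 = ROL32(r2, r3)` with only the register indices changing, and that the four rotation amounts 16, 12, 8, 7 can be taken from the magic constant 0x100c0807 rotated left by 8 before each step, with no `andi` because a rotate-by-register only looks at the low 5 bits of the count. The textbook quarter round and the full block function are included so the index-driven version can be checked against the RFC 7539 test vectors.

```python
"""ChaCha20 quarter round as one generic 3-operation step, checked against
the textbook form and the RFC 7539 vectors.  Added example, not Libre-SOC code."""
import struct

MASK32 = 0xFFFFFFFF
ROT_MAGIC = 0x100C0807  # bytes 16, 12, 8, 7: one rotation amount per quarter-round step
CHACHA_CONSTANTS = (0x61707865, 0x3320646E, 0x79622D32, 0x6B206574)


def rol32(x, n):
    """32-bit rotate-left.  Only the low 5 bits of n are used, as with a
    rotate-by-register instruction, so a count with junk in its upper
    bytes needs no separate AND before use."""
    n &= 31
    return ((x << n) | (x >> (32 - n))) & MASK32


def quarter_round_textbook(a, b, c, d):
    """Reference quarter round, step for step as in the C macro / RFC 7539."""
    a = (a + b) & MASK32; d ^= a; d = rol32(d, 16)
    c = (c + d) & MASK32; b ^= c; b = rol32(b, 12)
    a = (a + b) & MASK32; d ^= a; d = rol32(d, 8)
    c = (c + d) & MASK32; b ^= c; b = rol32(b, 7)
    return a, b, c, d


# The four steps differ only in which of (a, b, c, d) plays r0, r1, r2.
# These are the per-step indices; r3 (the rotation count) comes from ROT_MAGIC.
STEP_INDICES = ((0, 1, 3), (2, 3, 1), (0, 1, 3), (2, 3, 1))


def quarter_round_generic(a, b, c, d):
    """Same result as the textbook version, but every step is the same
    three operations: r0 += r1; r2 ^= r0; r2 = ROL32(r2, r3)."""
    regs = [a, b, c, d]
    x = ROT_MAGIC
    for r0, r1, r2 in STEP_INDICES:
        x = rol32(x, 8)                            # next rotation amount lands in the low byte
        regs[r0] = (regs[r0] + regs[r1]) & MASK32  # the add
        regs[r2] ^= regs[r0]                       # the xor
        regs[r2] = rol32(regs[r2], x)              # the rotate; x's upper bytes are ignored
    return tuple(regs)


def rotation_schedule():
    """Rotation counts produced by rotating ROT_MAGIC left by 8 four times,
    as a rotate-by-register instruction would consume them (low 5 bits)."""
    x, out = ROT_MAGIC, []
    for _ in range(4):
        x = rol32(x, 8)
        out.append(x & 31)
    return out


# Column and diagonal quarter rounds making up one ChaCha double round.
QR_INDICES = (
    (0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
    (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14),
)


def chacha20_block_words(key, counter, nonce, qr=quarter_round_generic):
    """ChaCha20 block function (RFC 7539 section 2.3) as 16 output words."""
    if len(key) != 32 or len(nonce) != 12:
        raise ValueError("key must be 32 bytes and nonce 12 bytes")
    state = list(CHACHA_CONSTANTS)
    state += struct.unpack("<8I", key)
    state.append(counter & MASK32)
    state += struct.unpack("<3I", nonce)
    work = state[:]
    for _ in range(10):  # 20 rounds = 10 double rounds
        for ia, ib, ic, id_ in QR_INDICES:
            work[ia], work[ib], work[ic], work[id_] = qr(work[ia], work[ib], work[ic], work[id_])
    return [(w + s) & MASK32 for w, s in zip(work, state)]


def chacha20_block(key, counter, nonce, qr=quarter_round_generic):
    """Serialised 64-byte keystream block."""
    return struct.pack("<16I", *chacha20_block_words(key, counter, nonce, qr))


if __name__ == "__main__":
    # Constructed inputs: the RFC 7539 section 2.3.2 block-function test vector.
    key = bytes(range(32))
    nonce = bytes.fromhex("000000090000004a00000000")
    assert chacha20_block(key, 1, nonce, quarter_round_textbook) == chacha20_block(key, 1, nonce)
    print(rotation_schedule(), chacha20_block(key, 1, nonce).hex())
```

The loop body of quarter_round_generic is the three data operations the comment counts (add, xor, rotate) plus the step over the index tuple; the rotation of the magic constant is the fourth operation, and in a hardware loop the branch closes it. Because rol32 masks its count to 5 bits exactly as a rotate-by-register does, the upper bytes of the rotated constant are never a problem, which is the point about not needing an `andi`.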