[Libre-soc-bugs] [Bug 770] Discussion and Finalisation of Which Cryptographic Primitives to Implement

bugzilla-daemon at libre-soc.org bugzilla-daemon at libre-soc.org
Sun Oct 16 04:01:04 BST 2022


--- Comment #9 from Jacob Lifshay <programmerjake at gmail.com> ---
(In reply to Luke Kenneth Casson Leighton from comment #6)
> (In reply to Jacob Lifshay from comment #5)
> > imho we should implement chacha20-poly1305 -- a very commonly used AEAD,
> > used by Wireguard and ssh and tls and more. imho we should implement the
> > wireguard variant.
> it's so simple that there's no point.

there *is* a point, because demonstrating that svp64+biginteger can make
chacha20+poly1305 run much faster is very highly significant because that is a
big part of the processing required for wireguard and other protocols. picking
random example numbers, it would be hugely significant if you could
encrypt/decrypt packets at 2GiB/s rather than 500MiB/s per core.

> there are none - at all - in chacha - that i can see. exactly as you found,
> it is all about rotate, add, subtract.

nearly everything i described in comment #5 was talking about poly1305, not
chacha. those are all 320 and 192-bit bigint ops (rounded up to nearest
multiple of 64-bits) that svp64 + bigint definitely accelerates.

You are receiving this mail because:
You are on the CC list for the bug.

More information about the libre-soc-bugs mailing list