Re: [Cryptography] Exotic Operations in Primitive Construction
Christian Huitema wrote this message on Thu, Oct 01, 2020 at 08:49 -0700:
> On 9/30/2020 1:59 PM, Jerry Leichter wrote:
> > ...
> > It's not clear what other "exotic" operations you might use. The only other primitive not in any of these classes I can think of is bit count, which loses so much information it doesn't seem useful.
> Galois field multiply? Isn't that directly supported by some CPU? The
> advantage over rotate, xor or ADD is "strong mixing". The result of the
> Galois field multiply makes all output bits dependent on every input
> bit. You could also get the mixing effect with multiply, then combining
> result and overflow.
Only since the introduction of AES-NI. Before that, very few CPUs supported
GF multiply natively. GF multiply is relatively cheap to implement in
hardware, but still requires a lot of space...
But it definitely wasn't cheap to implement 20+ years ago. This is part
of the reason why AES-GCM didn't really take off till hardware
acceleration helped it out.
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
The cryptography mailing list
cryptography AT metzdowd.com
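As an added example (not code from the thread or from any of its participants), here is a bit-serial GF(2^128) multiply with the GCM reduction polynomial, plus a small avalanche probe that counts how many output bits flip per single input-bit flip for XOR, ADD, rotate and GF multiply by a fixed operand. The constant K is constructed, and the natural bit ordering (bit i is the coefficient of x^i) is an assumption, so values differ from GHASH test vectors, which use GCM's reflected order.

```python
import random

MASK128 = (1 << 128) - 1
# x^128 + x^7 + x^2 + x + 1: the irreducible polynomial GCM reduces by
R = (1 << 128) | 0x87

def gf128_mul(a: int, b: int) -> int:
    """Carry-less multiply of two 128-bit field elements, reduced modulo R."""
    prod = 0
    while b:
        if b & 1:
            prod ^= a          # add (XOR) the current multiple of a
        b >>= 1
        a <<= 1                # multiply a by x ...
        if a >> 128:
            a ^= R             # ... and reduce when the degree reaches 128
    return prod

def rotl128(x: int, n: int) -> int:
    return ((x << n) | (x >> (128 - n))) & MASK128

def avalanche(f, trials: int = 32, seed: int = 1) -> tuple[int, float]:
    """Flip each of the 128 input bits of random inputs and return the
    (min, mean) count of output bits that change under f."""
    rng = random.Random(seed)
    counts = []
    for _ in range(trials):
        x = rng.getrandbits(128)
        y = f(x)
        for i in range(128):
            counts.append(bin(y ^ f(x ^ (1 << i))).count("1"))
    return min(counts), sum(counts) / len(counts)

# Constructed constant standing in for a fixed, key-dependent operand.
K = 0x1D2F4C538B0796A53E61C8D0F24BA937
MIXERS = {
    "xor":    lambda x: x ^ K,
    "add":    lambda x: (x + K) & MASK128,
    "rotl17": lambda x: rotl128(x, 17),
    "gf_mul": lambda x: gf128_mul(x, K),
}

if __name__ == "__main__":
    for name, f in MIXERS.items():
        lo, mean = avalanche(f)
        print(f"{name:7s} min={lo:3d} mean={mean:6.2f} output bits flipped")
```

XOR and rotate flip exactly one output bit per input bit and ADD only a short carry chain, while multiplication by a fixed field element flips roughly half of the 128 output bits, which is the "strong mixing" the thread refers to. Because multiplication by a fixed K is GF(2)-linear, the per-bit count does not depend on the input x, so the probe measures the multiplier itself rather than the sample.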