GCM mode and GMAC
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sun Feb 6 22:54:46 CET 2011
On 02/06/2011 10:23 PM, Niels Möller wrote:
> Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
>
>> On 02/06/2011 12:08 AM, Niels Möller wrote:
>>
>>> It remains to see how much table space and/or assembly hacking is needed
>>> to get reasonable performance.
>>
>> There is a special instruction for that on new intel and AMD CPUs...
>> http://software.intel.com/en-us/articles/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode/
>> http://en.wikipedia.org/wiki/CLMUL_instruction_set
>
> Interesting. I haven't played with any such special instructions (even
> if it ought to make a bit of difference also for aes).
>
> Anyway, I've been hacking a bit on the C-implementation over the day,
> and the galois hashing (gmac) is now 18 times(!) faster. Summary of
> changes:
[...]
> Introduced 4-bit tables:
>
> Algorithm mode Mbyte/s cycles/byte cycles/block
> gmac auth 27.14 45.68 730.82
That's pretty impressive!
More information about the nettle-bugs
mailing list