Hello,

This patch adds a function to use the Salsa20 with 12 rounds.

regards, Nikos
Nikos Mavrogiannopoulos nmav@gnutls.org writes:

> This patch adds a function to use the Salsa20 with 12 rounds.

Committed, except for the change to salsa20-crypt.c, which seemed unrelated.

Do you have any test vectors?

I haven't had time to read your latest umac code yet. I was offline skiing all of last week.

Thanks, /Niels
On 03/25/2013 12:57 PM, Niels Möller wrote:

> Nikos Mavrogiannopoulos nmav@gnutls.org writes:
>
>> This patch adds a function to use the Salsa20 with 12 rounds.
>
> Committed, except for the change to salsa20-crypt.c, which seemed unrelated.
>
> Do you have any test vectors?

Attached.
btw. the current _salsa20_core takes rounds as a variable. Wouldn't it allow for better optimizations (loop unrolling, actually) if that were a static function, or does that not matter much? As far as I understand, it is highly unlikely that salsa20 will be used with anything other than 20 or 12 rounds.
regards, Nikos
Nikos Mavrogiannopoulos nmav@gnutls.org writes:

> btw. the current _salsa20_core takes rounds as a variable. Wouldn't it allow for better optimizations (loop unrolling actually) if that was a static function, or that doesn't matter much?
I don't think it matters very much. But I haven't tried it.
My understanding is that this type of looping branch is handled well by the branch predictor in current CPUs (in contrast to unpredictable branches, which cost lots of cycles).
And since a single iteration should be 60-100 instructions, loop overhead should be almost negligible. Unrolling is more important for small loops.
Regards, /Niels
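The exchange above, about a run-time round count versus a fixed one, as an added example that is not part of this thread and not Nettle's code: a stand-alone Salsa20 core written in the "rounds as a parameter" shape, with thin fixed-round wrappers whose constant argument is what a compiler can see through when it decides to unroll. The names `salsa20_core_generic`, `salsa20_core_12` and `salsa20_core_20` are hypothetical and unrelated to Nettle's `_salsa20_core`. The checks use the quarterround test vector from the Salsa20 specification plus properties that hold by construction (all-zero input is a fixed point; zero rounds reduces the core to `out = in + in`); the 16-word sample state is constructed here and is not a real key. Nothing here measures the performance question itself.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define ROTL32(v, n) (((v) << (n)) | ((v) >> (32 - (n))))

/* Salsa20 quarterround as defined in the specification; updates in place. */
static void quarterround(uint32_t *y0, uint32_t *y1, uint32_t *y2, uint32_t *y3)
{
    *y1 ^= ROTL32(*y0 + *y3, 7);
    *y2 ^= ROTL32(*y1 + *y0, 9);
    *y3 ^= ROTL32(*y2 + *y1, 13);
    *y0 ^= ROTL32(*y3 + *y2, 18);
}

/* One doubleround = columnround followed by rowround on the 4x4 word state. */
static void doubleround(uint32_t x[16])
{
    quarterround(&x[0],  &x[4],  &x[8],  &x[12]);   /* columnround */
    quarterround(&x[5],  &x[9],  &x[13], &x[1]);
    quarterround(&x[10], &x[14], &x[2],  &x[6]);
    quarterround(&x[15], &x[3],  &x[7],  &x[11]);
    quarterround(&x[0],  &x[1],  &x[2],  &x[3]);    /* rowround */
    quarterround(&x[5],  &x[6],  &x[7],  &x[4]);
    quarterround(&x[10], &x[11], &x[8],  &x[9]);
    quarterround(&x[15], &x[12], &x[13], &x[14]);
}

/* Generic core with a run-time round count (hypothetical name, not nettle's
   _salsa20_core). rounds must be even; each loop iteration is one doubleround. */
void salsa20_core_generic(uint32_t out[16], const uint32_t in[16], unsigned rounds)
{
    uint32_t x[16];
    memcpy(x, in, sizeof x);
    for (unsigned i = 0; i < rounds; i += 2)
        doubleround(x);
    for (int i = 0; i < 16; i++)
        out[i] = x[i] + in[i];   /* feed-forward: the core is not invertible */
}

/* Fixed-round entry points: the count is a compile-time constant, so a compiler
   inlining the generic core can unroll the loop if it judges that worthwhile. */
void salsa20_core_20(uint32_t out[16], const uint32_t in[16]) { salsa20_core_generic(out, in, 20); }
void salsa20_core_12(uint32_t out[16], const uint32_t in[16]) { salsa20_core_generic(out, in, 12); }

/* Test vector from the Salsa20 specification:
   quarterround(0x00000001, 0, 0, 0) = (0x08008145, 0x00000080, 0x00010200, 0x20500000). */
int check_quarterround_vector(void)
{
    uint32_t y0 = 1, y1 = 0, y2 = 0, y3 = 0;
    quarterround(&y0, &y1, &y2, &y3);
    return y0 == 0x08008145u && y1 == 0x00000080u && y2 == 0x00010200u && y3 == 0x20500000u;
}

/* All-zero input is a fixed point of the core for any round count. */
int check_zero_input_fixed_point(void)
{
    uint32_t in[16] = {0}, out[16];
    salsa20_core_20(out, in);
    if (memcmp(out, in, sizeof in) != 0) return 0;
    salsa20_core_12(out, in);
    return memcmp(out, in, sizeof in) == 0;
}

/* Constructed sample state: the "expand 32-byte k" constants on the diagonal
   and a simple counting pattern elsewhere. Not a real key or nonce. */
static void sample_state(uint32_t s[16])
{
    for (int i = 0; i < 16; i++) s[i] = 0x01010101u * (uint32_t)(i + 1);
    s[0] = 0x61707865u; s[5] = 0x3320646eu; s[10] = 0x79622d32u; s[15] = 0x6b206574u;
}

/* With zero rounds the core degenerates to out = in + in (mod 2^32 per word). */
int check_zero_rounds_doubles_input(void)
{
    uint32_t in[16], out[16];
    sample_state(in);
    salsa20_core_generic(out, in, 0);
    for (int i = 0; i < 16; i++)
        if (out[i] != in[i] + in[i]) return 0;
    return 1;
}

/* Salsa20/12 and Salsa20/20 are different functions: same state, different block. */
int check_rounds_give_distinct_output(void)
{
    uint32_t in[16], o12[16], o20[16];
    sample_state(in);
    salsa20_core_12(o12, in);
    salsa20_core_20(o20, in);
    return memcmp(o12, o20, sizeof o12) != 0;
}

int main(void)
{
    printf("quarterround vector: %s\n", check_quarterround_vector() ? "ok" : "FAIL");
    printf("zero fixed point:    %s\n", check_zero_input_fixed_point() ? "ok" : "FAIL");
    printf("zero rounds doubles: %s\n", check_zero_rounds_doubles_input() ? "ok" : "FAIL");
    printf("12 vs 20 distinct:   %s\n", check_rounds_give_distinct_output() ? "ok" : "FAIL");
    return 0;
}
```

The quarterround vector is the one worth keeping around when reviewing a Salsa20 patch: a wrong rotation constant or a swapped operand order fails it immediately, whereas the round-count wrappers only move the loop bound and cannot introduce such a mistake.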
nettle-bugs@lists.lysator.liu.se