[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 22 Jun 2015 12:37:26 -0400
From: Alain Espinosa <alainesp@...ta.cu>
To: john-dev@...ts.openwall.com
Subject: Re: bitslice SHA-256
-------- Original message --------
From: Aleksey Cherepanov <lyosha@...nwall.com>
Date:06/22/2015 9:26 AM (GMT-05:00)
To: john-dev@...ts.openwall.com
Cc:
Subject: Re: [john-dev] bitslice SHA-256
...SHA-256 does on each step:
h = g
g = f
f = e
e = d + t1
d = c
c = b
b = a
a = t1 + t2
I prefer this definition (two sha2 steps to show pattern):
H += R_E(E) + IF(G, E, F) + CONST + W[0]; D+=H; H+= R_A (A) + MAJ(A, B, C);
G += R_E(D) + IF(F, D, E) + CONST + W[1]; C+=G; G+= R_A (H) + MAJ(H, A, B);
...........
No assignment here, or only 2 depending on your implementation. If you use 8 registers for [A-H] there is no need of assignment. Probably the compiler made this optimization, but I prefer to make it easy for "him".
...It should remove 6 of 8 writes but add dereference op for all these
variables. Is it worth? What do you think?
My opinion is that your code depends too much on cryptographic definitions as published. We may need to change the standard definition to make it clearer and/or faster. One example is IF boolean formula, in the beginning there was 4 operations (in MD4 definition and similar) but you can use 3-1 depending in your instructions set. Similarly for MAJ (see sha1 on wikipedia).
Regards,
Alain
Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
