Date: Mon, 22 Jun 2015 12:37:26 -0400 From: Alain Espinosa <alainesp@...ta.cu> To: john-dev@...ts.openwall.com Subject: Re: bitslice SHA-256 -------- Original message -------- From: Aleksey Cherepanov <lyosha@...nwall.com> Date:06/22/2015 9:26 AM (GMT-05:00) To: john-dev@...ts.openwall.com Cc: Subject: Re: [john-dev] bitslice SHA-256 ...SHA-256 does on each step: h = g g = f f = e e = d + t1 d = c c = b b = a a = t1 + t2 I prefer this definition (two sha2 steps to show pattern): H += R_E(E) + IF(G, E, F) + CONST + W; D+=H; H+= R_A (A) + MAJ(A, B, C); G += R_E(D) + IF(F, D, E) + CONST + W; C+=G; G+= R_A (H) + MAJ(H, A, B); ........... No assignment here, or only 2 depending on your implementation. If you use 8 registers for [A-H] there is no need of assignment. Probably the compiler made this optimization, but I prefer to make it easy for "him". ...It should remove 6 of 8 writes but add dereference op for all these variables. Is it worth? What do you think? My opinion is that your code depends too much on cryptographic definitions as published. We may need to change the standard definition to make it clearer and/or faster. One example is IF boolean formula, in the beginning there was 4 operations (in MD4 definition and similar) but you can use 3-1 depending in your instructions set. Similarly for MAJ (see sha1 on wikipedia). Regards, Alain Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.