Date: Mon, 22 Jun 2015 12:37:26 -0400
From: Alain Espinosa <>
Subject: Re: bitslice SHA-256

-------- Original message --------
From: Aleksey Cherepanov <> 
Date:06/22/2015 9:26 AM (GMT-05:00) 
Subject: Re: [john-dev] bitslice SHA-256 

...SHA-256 does on each step:
h = g
g = f
f = e
e = d + t1
d = c
c = b
b = a
a = t1 + t2

I prefer this definition (two sha2 steps to show pattern):

H += R_E(E) + IF(G, E, F) + CONST + W[0]; D+=H; H+= R_A (A) + MAJ(A, B, C);
G += R_E(D) + IF(F, D, E) + CONST + W[1]; C+=G; G+= R_A (H) + MAJ(H, A, B);

No assignment here, or only 2 depending on your implementation. If you use 8 registers for [A-H] there is no need for assignment. Probably the compiler made this optimization, but I prefer to make it easy for "him".

...It should remove 6 of 8 writes but add a dereference op for all these
variables. Is it worth it? What do you think?

My opinion is that your code depends too much on cryptographic definitions as published. We may need to change the standard definition to make it clearer and/or faster. One example is the IF boolean formula: in the beginning there were 4 operations (in the MD4 definition and similar) but you can use 3-1 depending on your instruction set. Similarly for MAJ (see SHA-1 on Wikipedia).
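
The step form without assignments and the reduced IF/MAJ formulas discussed in the message above, as an added example (not code from the thread or from John the Ripper): it runs eight SHA-256 steps in the published form and in the rotated-role form and checks that both give the same state. The function names, the truncation to eight steps and the W values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ROR(x, n) (((x) >> (n)) | ((x) << (32 - (n))))
#define R_E(x) (ROR(x, 6) ^ ROR(x, 11) ^ ROR(x, 25)) /* Sigma1 in FIPS 180-4 */
#define R_A(x) (ROR(x, 2) ^ ROR(x, 13) ^ ROR(x, 22)) /* Sigma0 in FIPS 180-4 */
/* Published forms (4 and 5 boolean ops), then reduced forms (3 and 4 ops). */
#define CH_STD(x, y, z)  (((x) & (y)) ^ (~(x) & (z)))
#define MAJ_STD(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
/* IF(z, x, y) selects y where x is set, else z; order matches IF(G, E, F). */
#define IF(z, x, y)  ((z) ^ ((x) & ((y) ^ (z))))
#define MAJ(x, y, z) (((x) & (y)) | ((z) & ((x) | (y))))
/* One step with no variable shifting; the caller rotates the argument roles. */
#define STEP(A, B, C, D, E, F, G, H, i) \
    H += R_E(E) + IF(G, E, F) + K[i] + W[i]; D += H; H += R_A(A) + MAJ(A, B, C);

static const uint32_t K[8] = { /* first eight SHA-256 round constants */
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
    0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5 };

/* Eight steps as published: each step moves all eight working variables. */
static void steps_published(uint32_t s[8], const uint32_t W[8]) {
    for (int i = 0; i < 8; i++) {
        uint32_t t1 = s[7] + R_E(s[4]) + CH_STD(s[4], s[5], s[6]) + K[i] + W[i];
        uint32_t t2 = R_A(s[0]) + MAJ_STD(s[0], s[1], s[2]);
        s[7] = s[6]; s[6] = s[5]; s[5] = s[4]; s[4] = s[3] + t1;
        s[3] = s[2]; s[2] = s[1]; s[1] = s[0]; s[0] = t1 + t2;
    }
}

/* Same eight steps in the form from the message: roles rotate, values stay put. */
static void steps_rotated(uint32_t s[8], const uint32_t W[8]) {
    uint32_t A = s[0], B = s[1], C = s[2], D = s[3], E = s[4], F = s[5], G = s[6], H = s[7];
    STEP(A, B, C, D, E, F, G, H, 0) STEP(H, A, B, C, D, E, F, G, 1)
    STEP(G, H, A, B, C, D, E, F, 2) STEP(F, G, H, A, B, C, D, E, 3)
    STEP(E, F, G, H, A, B, C, D, 4) STEP(D, E, F, G, H, A, B, C, 5)
    STEP(C, D, E, F, G, H, A, B, 6) STEP(B, C, D, E, F, G, H, A, 7)
    s[0] = A; s[1] = B; s[2] = C; s[3] = D; s[4] = E; s[5] = F; s[6] = G; s[7] = H;
}

/* Returns 1 when both forms give the same state (W values are constructed). */
int forms_agree(void) {
    const uint32_t iv[8] = { 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
                             0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 };
    const uint32_t W[8] = { 0x61626380, 0, 1, 0xdeadbeef, 0xffffffff, 42, 7, 0x18 };
    uint32_t p[8], r[8];
    memcpy(p, iv, sizeof p); memcpy(r, iv, sizeof r);
    steps_published(p, W); steps_rotated(r, W);
    return memcmp(p, r, sizeof p) == 0;
}
int main(void) { printf("forms agree: %d\n", forms_agree()); return 0; }
```

After eight steps the register roles are back where they started, which is why a full 64-step loop can be unrolled in groups of eight without any final shuffle.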
