Simon Josefsson <si...@josefsson.org> writes:

> Interesting - my perception is that SPHINCS+ verification is faster than
> Ed25519 (at the end of [1] suggests 5-10 times faster).  Could this be
> explained by SHA2 vs SHAKE?

That could certainly be part of it. On my machine, sha256 runs at 1140
MB/s (using sha_ni instructions), and sha3_256 runs at 190, so that's a
factor 6 difference. And that's benchmarking for large messages, numbers
will be somewhat different for small messages, and for slh-dsa, the
number of calls to underlying sha256_compress / sha3_permute will depend
on how its hashing operations interact with the respective block sizes,
64 bytes for sha256, 136 bytes for shake256.

Regards,
/Niels

-- 
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
_______________________________________________
nettle-bugs mailing list -- nettle-bugs@lists.lysator.liu.se
To unsubscribe send an email to nettle-bugs-le...@lists.lysator.liu.se
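
The block-size interaction described in the message above, as an added example (not code from the message or from Nettle). It counts how many sha256 compression calls and shake256 permutation calls one hash of a given input length needs, and estimates a time ratio from the two throughput figures quoted. The helper names, the sample lengths, and the assumption that per-call cost equals block size divided by bulk throughput (MB taken as 10^6 bytes) are all illustrative.

```c
#include <stddef.h>
#include <stdio.h>

#define SHA256_BLOCK 64    /* block size quoted in the message */
#define SHAKE256_RATE 136  /* block size (rate) quoted in the message */

/* SHA-256 padding appends 0x80, zeros, and an 8-byte length field,
   so at least 9 bytes are added before rounding up to a full block. */
size_t sha256_compress_calls(size_t len)
{
  return (len + 9 + SHA256_BLOCK - 1) / SHA256_BLOCK;
}

/* SHAKE256 padding adds at least one byte; absorbing ends with one
   permutation that also yields the first 136 output bytes. Further
   output costs one permutation per extra 136 bytes. Needs outlen >= 1. */
size_t shake256_permute_calls(size_t len, size_t outlen)
{
  return len / SHAKE256_RATE + 1 + (outlen - 1) / SHAKE256_RATE;
}

/* Assumption: per-call cost = block size / bulk throughput, with
   MB = 10^6 bytes. Ignores per-message setup overhead. */
double ns_per_call(double block_bytes, double mbytes_per_s)
{
  return block_bytes * 1000.0 / mbytes_per_s;
}

/* Estimated time ratio shake256 / sha256 for hashing len bytes to
   outlen bytes, using the throughput figures from the message. */
double shake_to_sha_ratio(size_t len, size_t outlen)
{
  double sha = sha256_compress_calls(len) * ns_per_call(SHA256_BLOCK, 1140.0);
  double shake = shake256_permute_calls(len, outlen)
                 * ns_per_call(SHAKE256_RATE, 190.0);
  return shake / sha;
}

int main(void)
{
  /* Constructed input lengths, chosen around the padding boundaries. */
  static const size_t lens[] = { 32, 55, 56, 64, 102, 135, 136, 4096 };
  for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
    printf("%5zu bytes: sha256 %3zu calls, shake256 %3zu calls, ratio %.1f\n",
           lens[i], sha256_compress_calls(lens[i]),
           shake256_permute_calls(lens[i], 32),
           shake_to_sha_ratio(lens[i], 32));
  return 0;
}
```

Under that assumption the estimated ratio is 12.75 when both hashes fit in one call, about half that when sha256 needs two calls and shake256 one, and it approaches the bulk factor of 6 as inputs grow.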