On 12.03.2019 15:02, Yuriy M. Kaminskiy wrote:
> Then I will probably take a look at poly1305

... and it looks problematic; porting poly1305/armv6 is possible, but there
won't be much improvement over generic C code:

$ poly1305-opt/bin/poly1305-util bench
8192 byte(s):
          neon, 15114.40 ns per call,   1.8 ns/byte
         armv6, 31944.33 ns per call,   3.9 ns/byte
    generic/32, 39088.50 ns per call,   4.8 ns/byte

neon (and other simd implementations) is much faster, but requires larger
state; current nettle's struct poly1305_ctx is 56 bytes, optimized versions
require up to 192 bytes.

And it is embedded in struct chacha_poly1305_ctx and poly1305_aes_ctx, which
looks like part of public (and used) low-level ABI.

(nettle-meta.h interface would be safe wrt struct size changes, but so far
everything I've looked at - including gnutls - was not using it :-()
_______________________________________________
nettle-bugs mailing list
[email protected]
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
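
The ABI concern raised in the message, as an added example that is not part of the original e-mail and is not nettle code: a caller compiled against a 56-byte state hands its buffer to a library that now needs 192 bytes, compared with a caller that asks for the size at run time. Only the sizes 56 and 192 come from the message; the struct layouts, the 64-byte cipher and 16-byte block members, and the `aead_meta` descriptor are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* 56 and 192 are the sizes quoted in the message; every layout below is a
   constructed stand-in, not nettle's real struct definition. */
struct poly_old { unsigned char state[56]; };
struct poly_new { unsigned char state[192]; };

/* Hypothetical AEAD context that embeds the MAC state by value. */
struct aead_old { unsigned char cipher[64]; struct poly_old mac; unsigned char block[16]; };
struct aead_new { unsigned char cipher[64]; struct poly_new mac; unsigned char block[16]; };

/* Bytes the library would touch beyond what the caller allocated. */
static size_t overrun(size_t caller_alloc, size_t lib_needs)
{
    return lib_needs > caller_alloc ? lib_needs - caller_alloc : 0;
}

/* Caller built against the old header, library rebuilt with the larger state. */
size_t static_caller_overrun(void)
{
    return overrun(sizeof(struct aead_old), sizeof(struct aead_new));
}

/* How far a member placed after the embedded state moves between builds. */
size_t trailing_field_shift(void)
{
    return offsetof(struct aead_new, block) - offsetof(struct aead_old, block);
}

/* Size-reporting descriptor in the spirit of nettle-meta.h (hypothetical type). */
struct aead_meta { size_t context_size; size_t (*init)(void *ctx); };

/* Stand-in for the rebuilt library: clears its context, reports bytes written. */
static size_t init_new(void *ctx)
{
    memset(ctx, 0, sizeof(struct aead_new));
    return sizeof(struct aead_new);
}
const struct aead_meta lib_new = { sizeof(struct aead_new), init_new };

/* Caller that sizes its allocation from the descriptor at run time. */
size_t meta_caller_overrun(const struct aead_meta *m)
{
    void *ctx = malloc(m->context_size);
    if (!ctx) return (size_t)-1;
    size_t written = m->init(ctx);   /* stays inside the allocation */
    free(ctx);
    return overrun(m->context_size, written);
}
```

The statically sized caller is only modelled arithmetically here; the out-of-bounds write itself is never performed.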
