[email protected] (Niels Möller) writes:

> A nettle release reasonably soon would be good, but I'm afraid it will
> be a bit tight to fit to the debian schedule. In the best case, we could
> have a release out around new year or early January. I guess it likely
> counts as a "transition", even if it's abi and api backwards compatible?
No release in January... I didn't get any Nettle hacking done over the holidays.

Regarding OCB, I'm now trying to understand what's needed to make it fast, in particular, if it's important to precompute more of the "L" values at key setup time (since that is a decision that will be visible in the ABI).

My current understanding is that the most important improvement over the initial implementation is to call the underlying block cipher with more than one block at a time (enabling parallelism on some hardware, and reducing overhead). I'm trying out a first version doing two blocks at a time on the ocb-mode branch, that gives 60% improvement in speed on my x86_64 machine, making ocb_aes128 a bit faster than eax_aes128, but still slower than even cbc_aes128, and much slower than gcm_aes128.

I would expect that going to 4 blocks at a time will improve things a bit more, but with diminishing returns for going further than that.

Regards,
/Niels

-- 
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
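The trade-off discussed in the message above, as an added example that is not part of the original message and is not Nettle's code: it follows the RFC 7253 offset rule Offset_i = Offset_{i-1} xor L_{ntz(i)}, generates offsets for a batch of blocks ahead of one multi-block cipher call, and counts how many GF(2^128) doublings remain outside key setup for a given number of precomputed L values. All names (`ocb_demo`, `demo_init`, `next_offsets`, `run`) are hypothetical, L_0 is a constructed constant rather than derived from AES, and the starting offset is zero rather than nonce-derived.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
typedef struct { uint8_t b[16]; } blk;
/* Hypothetical context: ntab (<= 8) precomputed L values is the ABI-visible choice. */
typedef struct { blk l[8], off; unsigned ntab, doublings; uint64_t i; } ocb_demo;
/* RFC 7253 double(): shift left one bit, xor 0x87 into the last byte on carry. */
static blk gf_double(blk x) {
  uint8_t carry = x.b[0] >> 7;
  for (int k = 0; k < 15; k++) x.b[k] = (uint8_t)((x.b[k] << 1) | (x.b[k + 1] >> 7));
  x.b[15] = (uint8_t)((x.b[15] << 1) ^ (carry ? 0x87 : 0));
  return x;
}
/* Key setup; l0 stands in for L_0, which real OCB derives from E_K(0^128). */
static void demo_init(ocb_demo *c, blk l0, unsigned ntab) {
  memset(c, 0, sizeof *c);
  c->ntab = ntab; c->l[0] = l0;
  for (unsigned j = 1; j < ntab; j++) c->l[j] = gf_double(c->l[j - 1]);
}
/* L_j from the table, or by doubling up from the last table entry. */
static blk l_value(ocb_demo *c, unsigned j) {
  unsigned k = j < c->ntab ? j : c->ntab - 1;
  blk l = c->l[k];
  for (; k < j; k++) { l = gf_double(l); c->doublings++; }
  return l;
}
/* Offsets for the next n blocks; the caller xors them in and makes one n-block cipher call. */
static void next_offsets(ocb_demo *c, blk *out, unsigned n) {
  for (unsigned m = 0; m < n; m++) {
    unsigned j = 0;
    for (c->i++; !((c->i >> j) & 1); j++) ;   /* j = ntz(i) */
    blk l = l_value(c, j);
    for (int k = 0; k < 16; k++) c->off.b[k] ^= l.b[k];
    out[m] = c->off;
  }
}
/* Walk nblocks in batches (batch <= 8); returns doublings done after key setup. */
static unsigned run(unsigned ntab, unsigned batch, unsigned nblocks, blk *last) {
  ocb_demo c; blk l0, out[8];
  memset(&l0, 0xA5, sizeof l0);               /* constructed sample value */
  demo_init(&c, l0, ntab);
  for (unsigned done = 0; done < nblocks; done += batch) next_offsets(&c, out, batch);
  *last = c.off; return c.doublings;
}
int main(void) {
  blk a, b;
  printf("doublings: %u (1 L value) vs %u (2 L values)\n", run(1, 1, 16, &a), run(2, 2, 16, &b));
  return memcmp(&a, &b, sizeof a) != 0;       /* 0: both walks end on the same offset */
}
```

Every odd-numbered block uses L_0 and every block with i ≡ 2 (mod 4) uses L_1, so a two-entry table already covers three blocks out of four without any doubling on the data path.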
