Re: Rijndael in Assembler for x86?
First, my question was caused since Perry(?) did not originally specify *why* he needs an assembly code; and secondly, since the referred 186 assembly code might be slower than the best C codes for Pentium.

On the other hand, the best (commercial) assembly implementation of Rijndael for P3 is 50% faster (~230 cycles per block versus ~360 cycles per block) than Brian Gladman's (free) C implementation. Brian's implementation seems to be almost optimal for C code. The reasons why assembly code achieves such a speedup are somewhat explained in

* Kazumaro Aoki, Helger Lipmaa, Fast Implementations of AES Candidates, AES 3 conference, 2000.

Both this paper and a compendium of AES implementations are available from http://www.tcs.hut.fi/~helger/aes (if you have anything to add there, feel free to email me!).

I am *not* aware of any free Rijndael assembly implementations that are faster than 300 cycles per block on P3. I know that there exist some non-free (including mine) implementations that are faster, though.

Helger

On 14 Sep 2001, Ian Goldberg wrote:

> > Does anyone have an open source implementation of Rijndael in assembler for the Pentium?
> >
> > Why not just use C code?
> >
> > Because it is typically slower by many times than hand tuned assembler.
>
> Are you sure? For general code, that certainly hasn't been true in a long time; optimizing compilers nowadays can often do *better* than hand-coded assembler. However, for encryption code in particular, I can imagine the C primitives (which usually lack rotate, etc. instructions) may be suboptimal.
>
> That being said, back when I wrote the 40-bit RC5 breaker for the RSA challenge, I thought the same thing. I figured I would first write a C version, and then tune the resulting assembler. When I looked at what gcc had output, it had already done all the tricks I had in mind. I would severely doubt a slowdown of many times. I'm more likely to believe a few percent, and would not be surprised if the compiler's optimizer is smarter than most people's.
>
> - Ian
>
> [Moderator's note: The best DES implementations for i386s in assembler are several times faster than the best in C. I'm not sure about AES but I'd prefer to try and see. Perhaps it's a feature of DES's odd bit manipulation patterns, perhaps not. I have yet to see GCC produce code for almost anything that was just as fast as hand tuned assembler, though. --Perry]

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: I'm looking for FSE2001 proceedings
On Wed, 18 Jul 2001, Alex Alten wrote:

> Does anyone know where I could purchase or get the papers submitted to the Fast Software Encryption Workshop 2001? Springer-Verlag does not have it available for purchase yet. I looked at the Web site (url below) and emailed the 2 Japanese fellows apparently running it but they have yet to respond. Any pointers or help would be most appreciated. I'm cc'ing cypherpunks and cryptography mailing lists as well.
>
> http://www.venus.dti.ne.jp/~matsui/FSE2001/

I am one of the authors of one of the papers there. As far as I know, only preproceedings are available until now - the deadline to send the final version to Matsui was at the end of May. It is no wonder it takes time to publish the final proceedings.

On the other hand, preproceedings were (I think) printed in a small quantity and mostly for the conference participants. You may still inquire with Matsumoto Matsui about their availability, but I doubt it.

Moreover, preproceedings *really* contained *prefinal* versions of the papers. If you want to get final versions, contact the authors. It is also mostly up to them to put their papers on their homepages - some authors do, some don't: mind that not all of them have time or possibilities to maintain a homepage.

Helger
http://www.tcs.hut.fi/~helger
Re: Zero-Knowledge proofs for valid decryption !!
One reference out of my mind is:

* Yevgeniy Dodis, Shai Halevi and Tal Rabin, A Cryptographic Solution to a Game Theoretic Problem, CRYPTO 2000. http://www.toc.lcs.mit.edu/~yevgen/ps/game-abs.html

(See Appendix A, esp. A.1, and references therein)

Helger Lipmaa
http://www.tcs.hut.fi/~helger/

On Mon, 9 Jul 2001, Emmanouil Magkos wrote:

> There is a list of encrypted messages, published on a bulletin board. Rackel and only Rackel can decrypt these messages. Encryption is probabilistic, for instance ElGamal: E(m) = (g^r, h^r m), where h = g^s with {s} being the private key of Rackel and {r} being randomness chosen by the sender.
>
> Rackel decrypts E(m_1), E(m_2), E(m_3), and publishes the decrypted results in random order, say (m_2, m_1, m_3). Is there a way for Rackel to prove that the list of m_i contains only correct open values of the list of E(m_i), without revealing:
>
> 1) the linkage between [E(m_i), m_i]
> 2) the private decryption key s
>
> (note that she doesn't know the randomness {r})
>
> Does anybody know whether there exists such a solution?
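The ElGamal scheme the question describes, together with the standard Chaum-Pedersen proof that a single ciphertext was decrypted correctly, as an added Python example (this is not code from the thread or from any of its authors; the toy group parameters, the function names and the sample messages are constructed for illustration). It demonstrates the easier half of the question: Rackel publishes the decryption factor d = c1^s and proves, without revealing s, that the same exponent s links g to h and c1 to d, so anyone can check m = c2 / d. Because d is tied to one specific ciphertext, this proof does reveal the linkage between E(m_i) and m_i; hiding that as well requires a verifiable shuffle (mix-net) proof on top, which the block does not attempt.

```python
import hashlib
import secrets

# Constructed toy group parameters (NOT secure, chosen only so the numbers stay
# readable): p = 2q + 1 with p and q prime, and g = 4 generates the order-q
# subgroup of Z_p^*. A real system would use a 2048-bit or larger group or an
# elliptic curve. The symbols follow the post: h = g^s, E(m) = (g^r, h^r m).
P = 1019
Q = 509
G = 4


def keygen():
    """Rackel's key pair: private s, public h = g^s."""
    s = secrets.randbelow(Q - 1) + 1
    return s, pow(G, s, P)


def encrypt(h, m, r=None):
    """Sender-side ElGamal: E(m) = (g^r, h^r * m) with fresh randomness r.

    m must be in [1, p-1]; in a real system it is encoded into the order-q
    subgroup so that c2 leaks nothing about it.
    """
    if r is None:
        r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (pow(h, r, P) * m) % P


def decrypt(s, ct):
    """Plain decryption: m = c2 / c1^s. The inverse uses Fermat: x^-1 = x^(p-2)."""
    c1, c2 = ct
    d = pow(c1, s, P)                      # decryption factor c1^s = h^r
    return (c2 * pow(d, P - 2, P)) % P


def _challenge(h, c1, d, a1, a2):
    """Fiat-Shamir challenge: hash the whole transcript, reduce mod q."""
    data = ",".join(str(x) for x in (P, Q, G, h, c1, d, a1, a2)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove_decryption(s, h, ct):
    """Rackel decrypts ct and proves log_g(h) == log_c1(d) (Chaum-Pedersen).

    Returns (m, d, proof). Publishing d = c1^s ties the proof to this one
    ciphertext, i.e. it reveals the linkage between E(m) and m.
    """
    c1, c2 = ct
    d = pow(c1, s, P)
    m = (c2 * pow(d, P - 2, P)) % P
    k = secrets.randbelow(Q - 1) + 1       # fresh prover randomness
    a1 = pow(G, k, P)                      # commitment under base g
    a2 = pow(c1, k, P)                     # commitment under base c1
    e = _challenge(h, c1, d, a1, a2)
    z = (k + e * s) % Q                    # response; s itself never leaves here
    return m, d, (a1, a2, z)


def verify_decryption(h, ct, m, d, proof):
    """Anyone reading the bulletin board can check the claimed plaintext m."""
    c1, c2 = ct
    a1, a2, z = proof
    if not (0 < d < P and 0 < m < P):
        return False
    e = _challenge(h, c1, d, a1, a2)
    # The same exponent z must explain both h (base g) and d (base c1) ...
    if pow(G, z, P) != (a1 * pow(h, e, P)) % P:
        return False
    if pow(c1, z, P) != (a2 * pow(d, e, P)) % P:
        return False
    # ... and the published plaintext must be exactly c2 / d.
    return (d * m) % P == c2


if __name__ == "__main__":
    s, h = keygen()
    board = [encrypt(h, m) for m in (17, 42, 99)]         # constructed messages
    for ct in board:
        m, d, proof = prove_decryption(s, h, ct)
        print(ct, "->", m, "proof ok:", verify_decryption(h, ct, m, d, proof))
```

Running the block decrypts three constructed ciphertexts and verifies each proof; the verifier rejects a wrong plaintext because d * m no longer equals c2, and rejects a tampered response z because g^z no longer matches a1 * h^e.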
Re: blocking chinese domains?
On 29 Jun 2001, John R. Levine wrote:

> In article l0311071bb76193cbb497@[208.192.101.177] you write:
> > does anyone know whether china has recently shut down its citizens' outgoing network access?
>
> I gather that for quite a while, Chinese networks have been behind what's known as the Great Firewall of China, and it does indeed filter sites the government doesn't like.

Maybe this is also the reason why some smart people in China have started to mirror interesting-to-them but sensible-in-content sites? My own collection of cryptographic pointers, http://www.tml.hut.fi/~helger/crypto/, has been mirrored for a while as http://infosec.cs.pku.edu.cn/~tly/helger-crypto/ - and I know it is not the only popular site; they have e.g. mirrored the cryptographic part of the Counterpane webpage. Although I am not sure this has been done since they wouldn't be able to access the sites otherwise...

My original pages have received some hits from China during THIS weekend.

Helger