Status update

2021-02-25 Thread Niels Möller
moment. I often get some hacking time on Wednesdays and weekends, but not every week. Regards, /Niels -- Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677. Internet email is subject to wholesale government surveillance. ___ nettle-bugs ma

ANNOUNCE: Nettle-3.7.1

2021-02-17 Thread Niels Möller
/archive/nettle-3.7.1.tar.gz Happy hacking, /Niels Möller NEWS for the Nettle 3.7.1 release This is primarily a bug fix release, fixing a couple of problems found in Nettle-3.7. The new version is intended to be fully source and binary compatible with Nettle-3.6

Arcfour status

2021-02-14 Thread Niels Möller
, /Niels

Bug fix release Nettle-3.7.1 ?

2021-02-10 Thread Niels Möller

Re: GnuTLS testsuite error on ppc64 after nettle upgrade

2021-02-10 Thread Niels Möller
tsuite/chacha-test.c#L193, and the code from line 219 and on is new. Regards, /Niels

Re: GnuTLS testsuite error on ppc64 after nettle upgrade

2021-02-10 Thread Niels Möller
horitative test vectors. I've pushed test updates to the branch fix-chacha-counter, and ci builds now fail on ppc64. The fix posted to the list appears to work, I'll push that to the branch in a moment. Regards, /Niels

Re: GnuTLS testsuite error on ppc64 after nettle upgrade

2021-02-09 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > I would guess that means that we got 209 bytes, including the 16-byte > poly1305 authentication tag. Message size is then 209 - 16 = 193 bytes. > If the first byte is a TLS packet type, the "length: 192" in the next to >

Re: GnuTLS testsuite error on ppc64 after nettle upgrade

2021-02-09 Thread Niels Möller
be decrypted correctly. I'll investigate. What is the source of the incoming packets? GnuTLS of the same version, also using Nettle-3.7, or the previous version, or some prerecorded data? It's not obvious to me if the error is on the sender or the receiver side. Regards, /Niels

Re: GnuTLS testsuite error on ppc64 after nettle upgrade

2021-02-09 Thread Niels Möller
ppc. Do you know what the code path is? Is GnuTLS using Nettle's chacha_poly1305_* functions, or is it calling chacha and poly1305 functions separately? Regards, /Niels

Re: [AArch64] Optimize GHASH

2021-02-06 Thread Niels Möller
> Just out of curiosity: I assume there's no aesni-pmull-like GCM > implementation for x86_64? That's right. There's some assembly code, but using the same algorithm as the C implementation, based on table lookups. Regards, /Niels

Re: Add AES Key Wrap (RFC 3394) in Nettle

2021-02-03 Thread Niels Möller
6A6A6A6A6A6 That would work for this particular value, since it is invariant under byte swapping. But in general a uint64_t iv would be endian dependent. Regards, /Niels

Re: [S390x] Optimize AES modes

2021-02-03 Thread Niels Möller
dmins of the gnutls project, and the key will also be technically accessible by gitlab staff). [...] Do not reuse your LinuxOne Account keys on third-party applications. I also don't understand what "third-party applications" means in this context, but I'd guess gitlab could be one?

Re: [S390x] Optimize AES modes

2021-02-03 Thread Niels Möller
t clean up the remote state between builds. I wonder if it would be more reliable to run make dist PACKAGE_VERSION=snapshot on the ci build machine, and copy the resulting tarball to the remote machine for build and test. The commands run on the remote machine should unpack the snapshot in a fr

Re: Add AES Key Wrap (RFC 3394) in Nettle

2021-02-03 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > So to be concrete on the interface comments, I'd suggest something like > > void > nist_keywrap16(const void *ctx, nettle_cipher_func *encrypt, >const uint8_t *iv, size_t ciphertext_length, >uint8_t

Re: Add AES Key Wrap (RFC 3394) in Nettle

2021-02-03 Thread Niels Möller
file. test_main should contain one function call per test case, calling whatever helper functions are needed. It's probably sufficient to test algorithm-specific convenience functions. Regards, /Niels

Re: [AArch64] Optimize GHASH

2021-02-02 Thread Niels Möller
Maamoun TK writes: > On Sun, Jan 31, 2021 at 10:35 AM Niels Möller wrote: > >> For consistency, I'd prefer defining all needed macros using m4. > > The macros in gcm-hash.asm file are dependent on defines in the same file > (shared for macros and function implementation)

Re: [AArch64] Optimize GHASH

2021-02-02 Thread Niels Möller
rename both the directory and the configure option then. Regards, /Niels

Re: [AArch64] Optimize GHASH

2021-02-02 Thread Niels Möller
hen. I've pushed a change to use that, instead of modifying CFLAGS. Regards, /Niels

Re: [AArch64] Optimize GHASH

2021-02-01 Thread Niels Möller
errors for pmull using. Is there any documentation for llvm-as? Best I could find is the minimal man page https://www.llvm.org/docs/CommandGuide/llvm-as.html, with no info whatsoever on, e.g., supported pseudoops. Regards, /Niels

Re: Add pbkdf2_hmac_sha384 and pbkdf2_hmac_sha512 to Nettle

2021-02-01 Thread Niels Möller
Nicolas Mora writes: > I just opened a merge request [1] to add pbkdf2_hmac_sha384 and > pbkdf2_hmac_sha512 to the Nettle library. Looks good, merged to the master-updates branch with minor comment edits. Regards, /Niels

Re: [AArch64] Optimize GHASH

2021-01-31 Thread Niels Möller
odify CFLAGS, and in particular using compiler-specific options. Is there any way to use a pseudoop in the .asm file instead, similar to the .fpu neon used in the arm/neon/ files? One could also consider introducing a separate ASMFLAGS make variable (suggested earlier by Jeffrey Walton, for other rea

Re: [AArch64] Optimize GHASH

2021-01-31 Thread Niels Möller
main patch, I'll write that in a separate mail. Regards, /Niels

Re: [AArch64] Optimize GHASH

2021-01-30 Thread Niels Möller
unused define") on top? Regards, /Niels

Re: Old ARM Neon code for salsa20 and chacha

2021-01-28 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > For processors that can issue two instructions per cycle, and with > shorter latency, scalar code (i.e., code using only the general purpose > 32-bit registers) could get more or less the same throughput. The scalar > code also gets t

Re: [AArch64] Optimize GHASH

2021-01-26 Thread Niels Möller
en following along closely, but it would be if gcm_hash could work with a minimum of data shuffling, and let gcm_init_key move the precomputed data around for best layout. Regards, /Niels

Re: [AArch64] Optimize GHASH

2021-01-24 Thread Niels Möller
to 1000. If I remember correctly, the implementation using 8 bit indexing, including the table layout, closely follows the original gcm papers. Regards, /Niels

Re: [S390x] Optimize AES modes

2021-01-20 Thread Niels Möller
rds, /Niels

Old ARM Neon code for salsa20 and chacha (was: Re: Release of Nettle-3.7?)

2021-01-13 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > I've done a benchmark run of nettle-3.6 on the GMP "nanot2" system, with > a Cortex-A9 processor. The installed compiler is gcc-5.4 (a few years > old). I chose Cortex-A9 for this test in an attempt to reproduce my old numbers. Ev

Re: Release of Nettle-3.7?

2021-01-13 Thread Niels Möller
r in the details in how vst1.8 is scheduled, and that's why vst1.8 is more or less efficient. Regards, /Niels

Re: [AArch64] Optimize GHASH

2021-01-05 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > Maamoun TK writes: > >> I made a merge request in the main repo that enables optimized GHASH on >> AArch64 architecture. > > Nice! I've had a quick first look. For the organization, I think aarch64 > assembly should go i

Re: Compile issue on Solaris 11.3

2021-01-04 Thread Niels Möller
you using? If it's difficult to upgrade the assembler, it could be worked around by replacing the instructions with equivalent .byte sequences. Regards, /Niels

ANNOUNCE: Nettle-3.7

2021-01-04 Thread Niels Möller
/~nisse/nettle/nettle.html. The release can be downloaded from https://ftp.gnu.org/gnu/nettle/nettle-3.7.tar.gz ftp://ftp.gnu.org/gnu/nettle/nettle-3.7.tar.gz https://www.lysator.liu.se/~nisse/archive/nettle-3.7.tar.gz Happy hacking, /Niels Möller NEWS for the Nettle 3.7 release

Re: Release of Nettle-3.7?

2021-01-02 Thread Niels Möller
appreciated. Regards, /Niels

Re: Release of Nettle-3.7?

2021-01-01 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > Thanks for investigating. So from these charts, it looks like the > single-block Neon code is of no benefit on any of the test systems. And > even significantly slower on the tinkerboard and rpi4. > > If that's right, the code shoul

Re: Release of Nettle-3.7?

2021-01-01 Thread Niels Möller
Michael Weiser writes: > Happy new year, Niels and all around, > > On Wed, Dec 30, 2020 at 09:12:24PM +0100, Niels Möller wrote: > >> > It comes out at around seven cycles per block slowdown for chacha-3core >> > and five for salsa20-2core. I trace this to vst1

Re: Release of Nettle-3.7?

2020-12-30 Thread Niels Möller
. At the time, benchmarked on a pandaboard (cortex a9), if I remember correctly. Is it for a fat build? If so, it's possible that the fat setup logic selects the C implementation in this hacked setup (but on the other hand, I'd guess a fat build may just fail at link time if these files are remov

Re: Failing gnutls tests

2020-12-28 Thread Niels Möller
Andreas Metzler writes: > On 2020-12-28 Niels Möller > wrote: >> Hi, recent gnutls tests on the gitlab ci system all fail the test >> "testpkcs11.sh". See e.g., >> https://gitlab.com/gnutls/nettle/-/jobs/932664781. First failure was an >> a m

Failing gnutls tests

2020-12-28 Thread Niels Möller
o too, see https://gitlab.com/gnutls/gnutls/-/pipelines. Any gnutls people on the list who could have a look? Regards, /Niels

Make --enable-fat the default? (was: Re: Release of Nettle-3.7?)

2020-12-26 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > Hi, I wonder if it would make sense to try to cut a release pretty soon > (and without any arm64 changes)? Previous release was made end of April, > and there's been quite a few improvements since then. I've pushed a couple of changes to

Re: Release of Nettle-3.7?

2020-12-25 Thread Niels Möller
reuse SRCp32 for the second load of the same data, further down (assuming r3 really is free to use for this purpose; if we have to save and restore a register to do this, your approach with temporary use of r12 seems better). Another option, with no need for an extra register, is to just use post-increm

Re: Release of Nettle-3.7?

2020-12-21 Thread Niels Möller
'd need a lot of vrev64.u32s to basically revert the 32-bit > transposition happening upon load and save to end up with identical > matrices to LE. If that's an easier way to get it working, I think it's a good start. I'd expect that'd still give a reasonable speedup over the 1-way version

Re: [AArch64] Optimize GHASH

2020-12-21 Thread Niels Möller
Maamoun TK writes: > Thank you, I made a commit with the changes. Thanks! Merged now. Regards, /Niels

Re: [AArch64] Optimize GHASH

2020-12-20 Thread Niels Möller
r comments on the mr (https://git.lysator.liu.se/nettle/nettle/-/merge_requests/16 for reference). Regards, /Niels

Re: [AArch64] Optimize GHASH

2020-12-19 Thread Niels Möller
are present at runtime? Some preprocessor check of glibc version in fat-ppc.c could work too, if that's simpler. Regards, /Niels

Re: Release of Nettle-3.7?

2020-12-19 Thread Niels Möller
ction the soname. The recent release of gmp-6.2.0 is of this form, and has libtool version 14:0:4, 14 - 4 = 10. Am I getting the libtool conventions right? Regards, /Niels

Re: CPU feature detection for Nettle-3.7?

2020-12-19 Thread Niels Möller
embler* needs to recognize the instructions, and that could potentially be worked around by coding instructions as equivalent byte sequences instead. Regards, /Niels

Re: Release of Nettle-3.7?

2020-12-19 Thread Niels Möller
ge has to be prevented by other means, e.g., dependencies in the packaging system. Regards, /Niels

Re: [AArch64] Optimize GHASH

2020-12-19 Thread Niels Möller
r cores. If there's some way to set up (and restore) a thread-local signal handler for SIGILL, that would be safer, but I don't know if that's at all possible. Regards, /Niels

Re: CPU feature detection for Nettle-3.7?

2020-12-19 Thread Niels Möller
, but I'm not aware of any easy fix. Regards, /Niels

Re: Release of Nettle-3.7?

2020-12-19 Thread Niels Möller
ies to be a bit more clever, with registers representing either odd or even words from both blocks. Not sure how endianness affects the code to move words around. Byte swapping should go close to the final stores, but after the addition of the initial state. Regards, /Niels

Re: [AArch64] Optimize GHASH

2020-12-18 Thread Niels Möller
igured out how to build and test for that configuration. Regards, /Niels

Re: Release of Nettle-3.7?

2020-12-18 Thread Niels Möller
llaneous: * Use a few more gmp-6.1 functions: mpn_cnd_add_n, mpn_cnd_sub_n, mpn_cnd_swap. Delete corresponding internal Nettle functions. * Convert all assembly files to use the default m4 quote characters.

Re: [AArch64] Optimize GHASH

2020-12-17 Thread Niels Möller
which assembly files we should use if target host is aarch64, but ABI=32? I guess the arm/v6/ code can be used unconditionally. Can we also use arm/neon/ code unconditionally? Do you agree with aiming for a release pretty soon, including the new powerpc64 code, but no aarch64 code? Regards, /Niels

Release of Nettle-3.7?

2020-12-15 Thread Niels Möller
://lists.debian.org/debian-devel-announce/2020/11/msg2.html Nettle-3.7 should be abi-compatible, and with unchanged soname, so I'm not sure if it would count as a "transition" in the debian world. Regards, /Niels

Re: PPC chacha

2020-12-02 Thread Niels Möller
t powerpc processors (starting from https://en.wikipedia.org/wiki/Power_Mac_G5, if I understand it correctly?). Probably not worth much effort to support these, but it would be good to at least know if the new assembly files are compatible with that ABI or not. Regards, /Niels

Re: PPC chacha

2020-12-01 Thread Niels Möller
code (currently on master branch) gives 686 Mbyte/s. The 4-way code you tried gives 958 MByte/s. I then replaced the innerloop with a version with better interleaving, written by Torbjörn Granlund (just pushed to the branch). That gives 1225 Mbyte/s. And for reference, the plain C implementation

Re: PPC chacha

2020-12-01 Thread Niels Möller
Maamoun TK writes: > On Mon, Nov 30, 2020 at 10:56 PM Niels Möller wrote: > >> Hmm. I agree just lowering the stack pointer sounds a bit questionable. >> But if we use some other register to point into the protected zone, we >> should be fine? E.g., >> >>

Re: PPC chacha

2020-11-30 Thread Niels Möller
aving can help. BTW, the chacha_2core code is merged to the master branch now. Regards, /Niels

Re: PPC chacha

2020-11-30 Thread Niels Möller
Niels Möller writes: > Below code seems to work (but is not yet a drop-in replacement, since it > needs some wireup in chacha.crypt.c, and 32-bit counter variant and BE > swapping not yet implemented). I fixed these issues, as well as fat build support. Pushed to the branch ppc-cha

Re: PPC chacha

2020-11-30 Thread Niels Möller
we should be fine? E.g., addi r10, r1, -0x40 C Save callee-save registers stvx v20, 0, r10 stvx v21, r6, r10 stvx v22, r7, r10 stvx v23, r8, r10 Regards, /Niels

Re: PPC chacha

2020-11-30 Thread Niels Möller
Niels Möller writes: > 3. Try out if 4-way gives additional speedup. Below code seems to work (but is not yet a drop-in replacement, since it needs some wireup in chacha.crypt.c, and 32-bit counter variant and BE swapping not yet implemented). Seems to give almost a factor of 2 speedup o

Re: [PowerPC] GCM optimization

2020-11-28 Thread Niels Möller
Maamoun TK writes: > On Wed, Nov 25, 2020 at 10:13 PM Maamoun TK > wrote: > >> I'll make a pull request for fat build support. The gcm code is now merged to the master branch. Thanks! Regards, /Niels

Re: [PowerPC] GCM optimization

2020-11-28 Thread Niels Möller
declaration without function definition. It's harmless to declare a function that's neither defined nor used. Regards, /Niels

Re: [PowerPC] GCM optimization

2020-11-27 Thread Niels Möller
ngs or errors. Regards, /Niels

Re: [PowerPC] GCM optimization

2020-11-26 Thread Niels Möller
or these changes. If you can help out with that, that's much appreciated. Regards, /Niels

Re: [PowerPC] GCM optimization

2020-11-26 Thread Niels Möller
Niels Möller writes: > Maamoun TK writes: > >>> I'll make a pull request for fat build support. >>> >> >> Done! > > I added two comments on the merge request. I reorganized the ifdefs a bit more, and pushed to the ppc-gcm branch. Tested on g

Re: [PowerPC] GCM optimization

2020-11-25 Thread Niels Möller
Maamoun TK writes: >> I'll make a pull request for fat build support. >> > > Done! I added two comments on the merge request. Regards, /Niels

Re: [PowerPC] GCM optimization

2020-11-25 Thread Niels Möller
Niels Möller writes: > Maamoun TK writes: > >> Sure. I updated the pull request. > > Thanks. Merged (first time I try the merge button on gitlab). It remains to wire it up for fat-ppc.c. Anything else that is missing? Regards, /Niels

Re: [PowerPC] GCM optimization

2020-11-25 Thread Niels Möller
r the main loop. Regards, /Niels

Re: PPC chacha

2020-11-25 Thread Niels Möller
Niels Möller writes: > I've got it into working shape now, at least for little-endian. See > https://git.lysator.liu.se/nettle/nettle/-/blob/ppc-chacha-2core/powerpc64/p7/chacha-2core.asm > > Next steps: > > 1. Fix it to work also for big-endian, > > 2. Wire it up for f

Re: PPC chacha

2020-11-25 Thread Niels Möller
nder if one can get close to another factor of two by going to 4 blocks. I hope to get the time to try that out, it should be fairly easy. (And if that does work out fine, maybe the code to do only 2 blocks could be removed). Regards, /Niels

Re: [PowerPC] GCM optimization

2020-11-25 Thread Niels Möller
ed loads also in the main loop. Regards, /Niels

Re: PPC chacha

2020-11-23 Thread Niels Möller
Niels Möller writes: >> It could likely be speedup further by processing 2, 3 or 4 blocks in >> parallel. > > I've given 2 blocks in parallel a try, but not quite working yet. My > work-in-progress code below. I've got it into working shape now, at least for lit

Re: [PowerPC] GCM optimization

2020-11-22 Thread Niels Möller
tory in this way, I hope you don't mind dealing > with the future patches the same way. Thanks, that's fine. But you may need to ping me, since I don't look at the gitlab web interface that often. Regards, /Niels

Re: PPC chacha

2020-11-21 Thread Niels Möller
of the function). Regards, /Niels

Re: [PowerPC] GCM optimization

2020-11-21 Thread Niels Möller
be fine). If your mail client doesn't cooperate, feel free to create a pull request on git.lysator.liu.se instead (and ping the list). Regards, /Niels

Re: PPC chacha

2020-11-21 Thread Niels Möller
10001 > vsldoi ONE, ONE, ZERO,12 C 0x00010000 Thanks, I'll try that. Regards, /Niels

Re: PPC chacha

2020-11-20 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > It could likely be speedup further by processing 2, 3 or 4 blocks in > parallel. I've given 2 blocks in parallel a try, but not quite working yet. My work-in-progress code below. When I test it on the gcc112 machine, it fails with an i

Re: [PowerPC] GCM optimization

2020-11-20 Thread Niels Möller
at about test coverage? It looks like we have test cases for sizes up to 8 blocks, and for partial blocks, so I guess that should be fine? Regards, /Niels

Re: [PowerPC] GCM optimization

2020-11-20 Thread Niels Möller
Maamoun TK writes: > This implementation takes advantage of research made by Niels Möller to > optimize GCM on PowerPC, this optimization yields a +27.7% performance > boost on POWER8 over the previous implementation that was based on intel > documents. The performance compar

Re: [PATCH] "PowerPC" Detect VSX support on AIX and FreeBSD

2020-11-11 Thread Niels Möller
Maamoun TK writes: > --- > fat-ppc.c | 25 + > 1 file changed, 21 insertions(+), 4 deletions(-) Thanks, merged to the master branch now. Regards, /Niels

Re: Modular inversion via powering

2020-11-09 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > The code for curve25519 and curve448 has been using powering to invert > for a long time. I've now spent some time writing specific powering code > for the five secp curves as well. I've found fairly efficient addition > chains wh

Re: [PATCH] "PowerPC64" chacha-core big-endian support "Shorter version"

2020-11-07 Thread Niels Möller
. I have some work-in progress code to do 2 or 4 chacha blocks in parallel, but not sure when I will get that into working shape. Regards, /Niels

Re: SHA1 Collision Detection

2020-11-04 Thread Niels Möller
_digest, we might need to provide a version number for the counter-cryptanalysis used. * Consider if it's worth doing also for md5? Regards, /Niels

Re: SHA1 Collision Detection

2020-11-02 Thread Niels Möller
three operations need new functions? Do you need an extended context struct too? Regards, /Niels

Re: Blowfish integer overshift (undefined behavior)

2020-10-29 Thread Niels Möller
d a fix, see https://git.lysator.liu.se/nettle/nettle/-/commit/4c8b0cdd97ffec3ae3f8d995afdfccbc261b3c79. Thanks for the report. /Niels

Modular inversion via powering

2020-10-23 Thread Niels Möller
and platform. Not all inversions are rewritten. I haven't changed the modq inversion which is needed for ecdsa, and I haven't changed the code for the two supported gost curves. Regards, /Niels

Re: [PATCH] "PowerPC64" GCM support

2020-10-11 Thread Niels Möller
eded for the inputs corresponding to message blocks. To compute more powers of H, one could do the standard reduction only once, essentially transforming H to montgomery form, H' = H(x) x^128 (mod P(x)), then further powers of H can use the reduction of least significant coefficients,

Re: GCM with ARM Neon

2020-10-11 Thread Niels Möller
been part of the Neon instruction set for a long time, at least since I wrote my first ARM code back in 2013. It's just a bit annoying that one needs so many of them to do a wide multiply. Regards, /Niels

GCM with ARM Neon (was: Re: [PATCH] "PowerPC64" GCM support)

2020-10-11 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > So if we have the input in register A (loaded from memory with no > processing besides ensuring proper *byte* order), and precompute two > values, M representing b_1(x) x^64 + c_1(x), and L representing b_0(x) > x^64 + d_1(x)), then we

Re: [PATCH] "PowerPC64" GCM support

2020-10-11 Thread Niels Möller
x^64 to x^64 + x^63 + x^62 + x^58, or b_0(x) / x^64 (mod P(x)) = b_0(x) (x^64 to x^64 + x^63 + x^62 + x^58) So no reduction needed, just split the product in high and low part to get c_1 and c_0. Regards, /Niels

Re: [PATCH] "PowerPC64" GCM support

2020-10-05 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > Maamoun TK writes: > >> +L4x_loop: > [...] >> +C polynomial multiplication "classical" pre-processing >> +xxmrghdVSR(C23h),VSR(C2),VSR(C3) >> +xxmrgldVSR(C23l),VSR(C2),VSR(C3) &

Re: [PATCH] "PowerPC64" GCM support

2020-10-05 Thread Niels Möller
duct one bit left, or premultiply one of the factors with x mod p'(x). Regards, /Niels

Re: [PATCH] "PowerPC64" GCM support

2020-10-04 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > Maamoun TK writes: > >> I would like to explain more about 'vpmsumd' instruction, in x86 arch the >> 'pclmulqdq' instruction is used for carry-less operations. To use >> 'pclmulqdq' an immediate value should be passe

Re: [PATCH] "PowerPC64" GCM support

2020-10-04 Thread Niels Möller
around? I guess one can also do some interesting things with other selected parts of the inputs zero, for example, the middle word of one of the operands, or all odd-numbered bits, or... Regards, /Niels

Re: [PATCH] "PowerPC64" chacha-core big-endian support "Shorter version"

2020-09-28 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > Maamoun TK writes: > >> The last patch follows the C implementation but I just figured out a decent >> way to do it. > > Thanks! Applied, and pushed on the ppc-chacha-core branch for testing. > (Had apply it semi-manual

Re: [PATCH] "PowerPC64" GCM support

2020-09-28 Thread Niels Möller
for the used algorithm, but it would be helpful to have the main ideas in comments close to the code. Regards, /Niels

Re: [PATCH] "PowerPC64" GCM support

2020-09-28 Thread Niels Möller
> margin fits with the library's convention of optimizing such functions. We can revisit it later, but let's go for the low-hanging fruit first. Regards, /Niels

Re: [PATCH] "PowerPC64" chacha-core big-endian support "Shorter version"

2020-09-28 Thread Niels Möller
ponds to xoring the byte indices with 3. Regards, /Niels

Re: PPC chacha

2020-09-25 Thread Niels Möller
GN, is that a problem? Regards, /Niels
