mirror/gmsm
1
0
Fork 0
mirror of https://github.com/emmansun/gmsm.git synced 2025-05-12 03:56:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Updated 无进位乘法和GHASH (markdown)

Sun Yimin 2023-08-21 15:09:54 +08:00
parent 28eed63f34
commit 77a16990ec
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
无进位乘法和GHASH.md

@ -50,6 +50,14 @@ vpshufd T4, T4, 78
vpxor T4, T4, T2 vpxor T4, T4, T2
vpxor T1, T1, T4 ; result in T1 vpxor T1, T1, T4 ; result in T1
``` ```
* Aggregated Reduction
* In a [Horner form (iterative computation)](https://en.wikipedia.org/wiki/Horner%27s_method)
* $Y_i = MM[(X_i \oplus Y_{i-1}), Hx]$ ... everyting $mod \ x^{128} + x^{127} + x^{126} + x^{121} + 1$
* 4-way expanded Horner form (aggregate results to defer the reduction)
* $MM[X_i , Hx] \oplus MM[X_{i-1} , {(Hx)}^2] \oplus MM[X_{i-2} , {(Hx)}^3] \oplus MM[(X_{i-3} \oplus Y_{i-4}, {(Hx)}^4] $
* Can be expanded to N > 4 blocks, we use 8 blocks now.
* Overhead: pre-calculate the powers of Hx (amortized for reasonably long buffer)
* The gain: reduction deffered to once per "N" blocks
# 参考 # 参考
* [Cryptographic Hardware and Software and useful architectures](https://www.esat.kuleuven.be/cosic/events/ecrypt-net-school-2018/wp-content/uploads/sites/23/2018/10/kos-school-gueron-2.pdf) * [Cryptographic Hardware and Software and useful architectures](https://www.esat.kuleuven.be/cosic/events/ecrypt-net-school-2018/wp-content/uploads/sites/23/2018/10/kos-school-gueron-2.pdf)