[Cryptography] Exotic Operations in Primitive Construction

John-Mark Gurney jmg at funkthat.com
Thu Nov 5 19:21:23 EST 2020


Christian Huitema wrote this message on Thu, Oct 01, 2020 at 08:49 -0700:
> 
> On 9/30/2020 1:59 PM, Jerry Leichter wrote:
> > ...
> > It's not clear what other "exotic" operations you might use.  The only other primitive not in any of these classes I can think of is bit count, which loses so much information it doesn't seem useful.
> 
> Galois field multiply? Isn't that directly supported by some CPU? The
> advantage over rotate, xor or ADD is "strong mixing". The result of the
> Galois field multiply makes all output bits dependent on every input
> bit. You could also get the mixing effect with multiply, then combining
> result and overflow.

Only since the introduction of AES-NI.  Before that, very few CPUs supported
GF multiply natively.  GF multiply is relatively cheap to implement in
hardware, but still requires a lot of space...

But it definitely wasn't cheap to implement 20+ years ago.  This is part
of the reason why AES-GCM didn't really take off till hardware
acceleration helped it out.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
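As an added illustration of the operation discussed in this thread (not code from either poster), the block below implements the GF(2^128) multiply that GHASH in AES-GCM is built on: a carry-less (polynomial) multiply, which is what the PCLMULQDQ instruction introduced alongside AES-NI computes on 64-bit halves, followed by reduction modulo x^128 + x^7 + x^2 + x + 1. It also measures the "strong mixing" claim: because the multiply is linear over GF(2), flipping input bit i of a changes a*h by exactly (x^i)*h, so the number of affected output bits is the popcount of that product. The plain bit order (bit i = x^i) is an assumption made for readability; GCM itself uses a bit-reflected representation, so these values are not wire-compatible GHASH outputs.

```python
"""GF(2^128) multiply with the GCM polynomial, in pure Python (added example).

Bit order assumption: bit i of an integer is the coefficient of x^i. This is
the plain polynomial convention, not the bit-reflected order GCM uses.
"""
from __future__ import annotations

# Low part of the GCM reduction polynomial x^128 + x^7 + x^2 + x + 1.
GCM_POLY_LOW = 0x87
MASK128 = (1 << 128) - 1


def clmul(a: int, b: int) -> int:
    """Carry-less multiply: polynomial product over GF(2), up to 255 bits.

    Schoolbook shift-and-xor; a hardware carry-less multiplier does the same
    thing in one instruction on 64-bit halves.
    """
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def reduce128(p: int) -> int:
    """Reduce a polynomial of degree < 256 modulo x^128 + x^7 + x^2 + x + 1.

    Each pass replaces the terms at x^128 and above (the "high" half) with
    high * (x^7 + x^2 + x + 1), which may itself spill past bit 127, so we
    loop until nothing is left above x^127.
    """
    while p >> 128:
        high = p >> 128
        p = (p & MASK128) ^ high ^ (high << 1) ^ (high << 2) ^ (high << 7)
    return p


def gf128_mul(a: int, b: int) -> int:
    """Multiply two field elements in GF(2^128) with the GCM polynomial."""
    if not (0 <= a <= MASK128 and 0 <= b <= MASK128):
        raise ValueError("operands must be 128-bit non-negative integers")
    return reduce128(clmul(a, b))


def is_distributive(a: int, b: int, c: int) -> bool:
    """Check a*(b^c) == a*b ^ a*c, the linearity the mixing argument rests on."""
    return gf128_mul(a, b ^ c) == gf128_mul(a, b) ^ gf128_mul(a, c)


def output_bits_affected(h: int, i: int) -> int:
    """Number of output bits of a*h that change when bit i of a is flipped.

    By linearity the change does not depend on a at all: it is exactly
    gf128_mul(1 << i, h), so the popcount of that value is the answer.
    """
    return bin(gf128_mul(1 << i, h)).count("1")


def mixing_profile(h: int) -> list[int]:
    """Popcount of the output difference for each of the 128 input-bit flips."""
    return [output_bits_affected(h, i) for i in range(128)]


if __name__ == "__main__":
    # Constructed sample key: a dense 128-bit value. Real GHASH derives H by
    # encrypting the zero block; any fixed value serves to show the mixing.
    H = 0x66E94BD4EF8A2C3B884CFA59CA342B2E
    profile = mixing_profile(H)
    print(f"min/avg/max output bits changed per input-bit flip: "
          f"{min(profile)}/{sum(profile) / 128:.1f}/{max(profile)}")
    # Contrast with ADD: flipping the low bit of one operand changes, on
    # average, only about two bits of the sum (the bit and a short carry run).
    print("distributive:", is_distributive(H, 0x1234, 0xABCD))
```

The profile shows the difference from rotate/xor/add: a single flipped input bit changes roughly half of the 128 output bits for a dense h, whereas add or xor propagate a one-bit difference to one bit plus at most a carry chain. The flip side, relevant to GCM's known weaknesses, is the same linearity that makes the mixing easy to reason about: the map a -> a*h is linear, which is why GHASH is a universal hash rather than a cipher and why nonce reuse exposes h.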