[Cryptography] Exotic Operations in Primitive Construction

Dan McDonald danmcd at kebe.com
Wed Sep 30 15:21:37 EDT 2020


On Wed, Sep 30, 2020 at 09:20:58AM +0000, Peter Gutmann wrote:
> Phillip Hallam-Baker <phill at hallambaker.com> writes:
> 
> >The reason we get rotate is that it is cheap: It is in essence a combination
> >of a Left shift and a right shift.
> 

Many of the RISC machines of the 90s (including SPARC) didn't have rotate, in
spite of some crypto users' best efforts.  To be fair, once the UltraSPARC T2
(aka Niagara2) came along, they went right past rotate and straight to
hardware crypto.

> If you're referring to an implementation in C, it's not even that any more,
> any compiler from the last 15-20 years has a rotate recogniser and will
> translate 'x << y | x >> ( wordsize - y )' into a single rotate instruction.

That figure SHOULD be more like 20-25 years: It's a simple peephole
optimization.  Oddly enough, it took a 1996 IETF visit to figure out that
Sun's x86 compiler didn't do that peephole, and it took them another 2(?)
years to fix it.

Dan
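The shift-and-OR rotate idiom quoted above, as an added C example that is not code from the thread: it shows the naive form a compiler's rotate recogniser matches, the shift count it gets wrong (a count of 0 makes the right shift by the full word size, which is undefined in C), and the masked form that stays defined for every count while still compiling to a single rotate on GCC and Clang. Function names and sample values are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* The textbook idiom from the thread: shift left, shift right, OR.
 * Correct for 1 <= y <= 31. For y == 0 the right shift is by 32, which
 * is undefined behaviour for a 32-bit operand in C. */
static uint32_t rotl32_naive(uint32_t x, unsigned y)
{
    return (x << y) | (x >> (32u - y));
}

/* Masked form: both shift counts stay in 0..31 for every y, so there is
 * no undefined behaviour, and the peephole still turns it into one
 * rotate instruction (rol/ror on x86, ror on ARM). */
static uint32_t rotl32(uint32_t x, unsigned y)
{
    y &= 31u;
    return (x << y) | (x >> ((32u - y) & 31u));
}

static uint32_t rotr32(uint32_t x, unsigned y)
{
    y &= 31u;
    return (x >> y) | (x << ((32u - y) & 31u));
}

/* Rotate properties: rotl by y then rotr by y is the identity, and a
 * rotate by the full word size is the identity (only the masked form
 * gets the second case right). */
static int rotate_roundtrip_ok(uint32_t x, unsigned y)
{
    return rotr32(rotl32(x, y), y) == x && rotl32(x, 32u) == x;
}

int main(void)
{
    uint32_t x = 0x80000001u; /* constructed sample value */
    printf("rotl32_naive(0x%08x, 1) = 0x%08x\n", x, rotl32_naive(x, 1)); /* 0x00000003 */
    printf("rotl32(0x%08x, 1)       = 0x%08x\n", x, rotl32(x, 1));       /* 0x00000003 */
    printf("rotr32(0x%08x, 1)       = 0x%08x\n", x, rotr32(x, 1));       /* 0xc0000000 */
    printf("roundtrip ok: %d\n", rotate_roundtrip_ok(0xdeadbeefu, 13));
    return 0;
}
```

Compile with optimisation enabled and inspect the assembly to confirm the recogniser fired; the masked form is what library code such as hash and block cipher implementations typically uses so that sanitizers and pedantic compilers do not flag the y == 0 case.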