
Re: ESP transform with RC5



> From: stroh@vnet.ibm.com
> Re: absence of rotate on RISC processors
> Do you mean that an encryption algorithm must not be chosen which
> uses rotates because RISC processors don't have them, and everyone
> knows it?
> (dead horse - argued to death, well decided )

No. Only that variable-count rotates are not one-cycle opcodes
on many processors, and that their use can substantially affect
performance of the algorithm.

> This is not well decided.  Its invalid.  The RS6000 / PowerPC has
> single instruction variable count rotates which work in a single cycle.

SPARC and MIPS don't. Alphas do, but only for 32-bit operands
(by doubling the data and shifting it within 64-bit registers).

> Even other superscalar RISC processors which do not could still
> parallelize the sub-operations to some extent and overlap them
> with I/O.

Only if the computation is I/O intensive. Authentication and
encryption algorithms tend to be compute-intensive, and the
ones I've had a chance to look at are also highly linear.
The result is that the computations don't overlap at all, and that
the number of clocks per basic operation affects the overall
algorithm performance.

The Sigcomm paper on MD5 ('95) indicated ways to design algorithms
which could be computationally efficient, both in hardware and
in software. Data-dependent rotates are not one of those ways.

Joe


> The pentium and 486 have rotate instructions but they are many
> cycle instructions. Presumably they don't use a barrel shifter.
----------------------------------------------------------------------
Joe Touch - touch@isi.edu		    http://www.isi.edu/~touch/
ISI / Project Leader, ATOMIC-2, LSAM       http://www.isi.edu/atomic2/
USC / Research Assistant Prof.                http://www.isi.edu/lsam/
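Joe's point about data-dependent rotates, as working code: this is an added example (not from the thread, IBM or ISI), a plain C implementation of RC5-32/12/16 written from Rivest's published description, with the rotates spelled out as the shift-and-OR sequence a compiler has to emit when the processor has no single-cycle variable-count rotate. No names or parameters beyond RC5's own are assumed.

```c
#include <stdint.h>
/* RC5-32/12/16: 32-bit words, 12 rounds, 16-byte key (Rivest's parameters). */
#define RC5_R 12
#define RC5_B 16
#define RC5_T (2 * (RC5_R + 1))   /* 26 round subkeys */
#define RC5_C (RC5_B / 4)         /* 4 key words */
#define RC5_P 0xb7e15163u
#define RC5_Q 0x9e3779b9u
/* Variable-count rotates; "(32 - n) & 31" keeps the shift in range when n
 * is a multiple of 32. Without a rotate opcode each one is two shifts plus
 * an OR, and the count comes from data, so it cannot be folded away. */
static uint32_t rotl32(uint32_t x, uint32_t n) {
    n &= 31; return (x << n) | (x >> ((32 - n) & 31));
}
static uint32_t rotr32(uint32_t x, uint32_t n) {
    n &= 31; return (x >> n) | (x << ((32 - n) & 31));
}
void rc5_setup(const uint8_t key[RC5_B], uint32_t S[RC5_T]) {
    uint32_t L[RC5_C] = {0}, A = 0, B = 0;
    int i, j, k;
    for (i = RC5_B - 1; i >= 0; i--)        /* little-endian key words */
        L[i / 4] = (L[i / 4] << 8) + key[i];
    for (S[0] = RC5_P, i = 1; i < RC5_T; i++)
        S[i] = S[i - 1] + RC5_Q;
    for (i = j = k = 0; k < 3 * RC5_T; k++) { /* 3 * max(t, c) mixing passes */
        A = S[i] = rotl32(S[i] + A + B, 3);
        B = L[j] = rotl32(L[j] + A + B, A + B); /* data-dependent count */
        i = (i + 1) % RC5_T; j = (j + 1) % RC5_C;
    }
}
/* One 64-bit block (two words) in place. Each round rotates one half by the
 * other half, so the count is itself intermediate ciphertext, and A feeds B
 * feeds A: strictly serial. All-zero key and block give eedba521 6d8f4b15. */
void rc5_encrypt(const uint32_t S[RC5_T], uint32_t blk[2]) {
    uint32_t A = blk[0] + S[0], B = blk[1] + S[1];
    for (int i = 1; i <= RC5_R; i++) {
        A = rotl32(A ^ B, B) + S[2 * i];
        B = rotl32(B ^ A, A) + S[2 * i + 1];
    }
    blk[0] = A; blk[1] = B;
}
void rc5_decrypt(const uint32_t S[RC5_T], uint32_t blk[2]) {
    uint32_t A = blk[0], B = blk[1];
    for (int i = RC5_R; i >= 1; i--) {
        B = rotr32(B - S[2 * i + 1], A) ^ A;
        A = rotr32(A - S[2 * i], B) ^ B;
    }
    blk[0] = A - S[0]; blk[1] = B - S[1];
}
```

The expected ciphertext for the all-zero key and block is Rivest's published test vector; the decrypt routine exists so the round trip can be checked on any input.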