[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MD5 vs. SHA-1, Selection Criteria



> Date: Tue, 28 May 1996 13:43:32 -0700
> From: John Kennedy <jkennedy@cylink.com>
> Organization: Cylink Corporation
> To: uri@watson.ibm.com, touch@ISI.EDU
> Cc: ipsec@tis.com
> Subject: Re: MD5 vs. SHA-1, Selection Criteria
> 
> Uri Blumenthal wrote:
> > 
> > touch@isi.edu says:
> > > 2. On A Sun SPARC 20/71 in SunOS 4.1.3, I have measured:
> > >
> > >       stand-alone MD5         60 Mbps +/- 3 Mbps
> > >       stand-alone SHA         30 Mbps +/- 2 Mbps
> > 
> 
> Someone else reported to me via private email that the difference in 
> speed is basically a 5:4 ratio, due to the 80 rounds per 512-bit input 
> block in SHA-1 vs. 64 rounds for MD5.  I wonder why the empirical 
> evidence doesn't seem to match.
> 

Because rounds are only one measure. Also count the number of
operations per round. SHA does more per round than MD5, i.e., 

		MD5	SHA

32-bit adds	4	4
logical		2-3	2-4	(varies per step)
rotates		1	2

total CPU	7-8	8-10 (15-20% higher, per round)

mem reads	2	2
reg reads	4	5
reg writes	1	2 (others can be omitted via renaming)

 # rounds	64	80 (25% higher number of rounds).

Overall CPU for SHA is 50% higher, and the register I/O is
between 25-100% higher. The result, especially when considering
the dataflow implications. I have not completed a detailed
dataflow comparison, but it's easy to see why SHA is slower than 
MD5, even when neither is particularly optimized.

Joe




----------------------------------------------------------------------
Joe Touch - touch@isi.edu		    http://www.isi.edu/~touch/
ISI / Project Leader, ATOMIC-2, LSAM       http://www.isi.edu/atomic2/
USC / Research Assistant Prof.                http://www.isi.edu/lsam/