Re: [PATCH] AES x86-64-asm impl.

[dean gaudet]

On Sat, 2 Oct 2004, Andi Kleen wrote:

> Unfortunately it's still fundamentally 32bit. Anybody interested
> in doing a true 64bit AES?

i doubt it helps any -- except for benchmark-only purposes.

there's a description of the 32-bit T-table approach in section 7.3 of 
<http://fp.gladman.plus.com/cryptography_technology/rijndael/aesspec.pdf>

basically the tables are 8-bit -> 32-bit maps, and there are 4 of them (2 
for each direction).  to go to 64-bit you'd need 16-bit -> 64-bit maps... 
512KiB per table.  there are some other variations on the tables which are 
smaller, but nothing as small as the 1024 bytes per table of the 32-bit 
implementation.

there's a completely different approach using bit-slicing (basically 
consider each register as 64 1-bit registers), which yields great 
throughput but cruddy latency -- you basically need lots of non-dependant 
streams to make this pay off (i.e. it might work for disk crypto 
processing multiple blocks simultaneously).

-dean
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/