Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

[P1619-2] Future Intel GCM instructions

To: P1619-2@xxxxxxxxxxxxxxxxx
Subject: [P1619-2] Future Intel GCM instructions
From: Hal Finney <hal.finney@xxxxxxxxx>
Date: Tue, 8 Jul 2008 10:10:47 -0700
Delivered-to: mhonarc@xxxxxxxxxxxxxxxx
List-help: <http://listserv.ieee.org/cgi-bin/wa?LIST=P1619-2>, <mailto:LISTSERV@LISTSERV.IEEE.ORG?body=INFO%20P1619-2>
List-owner: <mailto:P1619-2-request@LISTSERV.IEEE.ORG>
List-subscribe: <mailto:P1619-2-subscribe-request@LISTSERV.IEEE.ORG>
List-unsubscribe: <mailto:P1619-2-unsubscribe-request@LISTSERV.IEEE.ORG>
Reply-to: Hal Finney <hal.finney@xxxxxxxxx>

Here is an article about the future extension to the Intel instruction
set to help with computing Galois field "carry-less" multiplication:

http://softwarecommunity.intel.com/articles/eng/3787.htm (also
http://softwarecommunity.intel.com/isn/downloads/intelavx/Carry-Less-Multiplication-and-The-GCM-Mode_WP%20.pdf
)

The new PCMULQDQ instruction uses little-endian ordering for the bits
within a byte, while GCM uses big-endian ordering, as does our XCB
mode. However in the section "Bit Reflection Peculiarity of GCM ", the
article shows that this difference can be accommodated by a few simple
shift operations.

EME2 uses the little-endian ordering, but does not actually do field
multiplications, just shifts, so these enhancements would not be
helpful for that mode.

(Also of note, the new AES instructions for greater speed and reduced
side channel attacks:
http://softwarecommunity.intel.com/articles/eng/3788.htm )

Hal Finney
PGP Corporation

Prev by Date: [P1619-2] SISWG.NET Docman currently down
Next by Date: Re: [P1619-2] Meeting Announcement for Sept 2008 face-to-face meeting in Baltimore, MD
Previous by thread: [P1619-2] Meeting Announcement for Sept 2008 face-to-face meeting in Baltimore, MD
Next by thread: [P1619-2] SISWG.NET Docman currently down
Index(es):
- Date
- Thread