Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

Re: [P1619-2] another P1619.2 question: the EME2 mix function



We discussed the hardware performance with Doug Whiting, offline. It
turned out not be an issue. Doug pointed out that when several AES
cores are designed to run parallel, a few Galois multiplier circuits
computing L*x^i by shift-XOR loops, increases the HW complexity only
by a trivial amount, and these multipliers are much faster than AES,
even with the exponent i over 100.

Accordingly, in a future Implementation Guide we could just make a
remark that at parallel HW implementations computing the L*x^i terms
doesn't influence the overall running time or circuit complexity by
any significant amount.