Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add HS1-SIV #652

Open
wants to merge 11 commits into
base: master
Choose a base branch
from
Open

Add HS1-SIV #652

wants to merge 11 commits into from

Conversation

Demindiro
Copy link

HS1-SIV uses ChaCha and a new hash algorithm. This implementation is based on the paper and the reference implementation.

I generated custom test vectors since none seem to be provided. I've included the reference implementation to show how they've been generated.

Hs1Params is quite ugly, but I'm unsure if I can make it any cleaner. It could be hidden by using newtypes for the 3 parameter sets instead.

trait ChaChaImpl is necessary because chacha20::variants::Variant and in particular chacha20::variants::Ietf isn't exposed, so chacha20::ChaChaCore is unusable.

I've spent some time optimizing it. It certainly can be optimized more, though so far further attempts have failed.

It should be free of any data-dependent branches, though I haven't looked at the generated assembly very closely.

@Demindiro
Copy link
Author

Demindiro commented Jan 23, 2025
edited
Loading

It's not clear to me why benches fails, since I can run it fine locally. Compiler version difference? (I use rustc 1.86.0-nightly (8361aef0d 2025-01-14))

I'm guessing a feature related to trait bounds got stabilized between 1.81 and 1.84, since rustc 1.84.0 (9fc6b4312 2025-01-07) works fine too.
I could copy+paste the trait bounds a bunch of times, but that'd be even uglier.

@newpavlov
Copy link
Member

I don't think we need the ref folder for anything. It does not look like it's used for tests or something like this. Or am I missing something?

Compiler version difference?

You could try bumping the compiler version used for benchmarks.

@Demindiro
Copy link
Author

I believe the failing mgm test isn't related to this PR?

@tarcieri
Copy link
Member

@Demindiro it does look unrelated, yes

@Demindiro
Add HS1-SIV
bc2a0ed
@Demindiro
hs1-siv: fix cargo meta, bump version
68271ff
@Demindiro
hs1-siv: remove ref/
f5c1815
@Demindiro
hs1-siv: Cargo.lock, README table entry
0981753 
Rust 1.81.0 is unable to compile HS1-SIV, but 1.84.0 is.
@Demindiro
hs1-siv: add .github workflow
16a883f
@Demindiro
hs1-siv: fix max length check for 32 bit targets, also add to decrypt
1dceeb1
@Demindiro
optimize poly_finalize
fa757d9 
LLVM isn't smart enough to change the array version to a cmovcc and
instead spills to memory
@Demindiro
hs1-siv: Compute NH for each h in parallel
323b7ee
@Demindiro
hs1-siv: add SSE2 version of Hasher::update_block
1ff89ad 
Despite my best efforts I seem unable to get LLVM to emit vectorized
code, even though it should be obviously beneficial.

I suspect LLVM is thrown off by the 64 bit multiply, which is missing in
the SSE2 instruction set. It did take me a while to figure out that
casting an array of __m128i to [u64; 2] would end up the most
performant.

The SSE2 version is about ~%20 faster for me, so it is a substantial
improvement.

Also, inline(always) on pretty much everything is now beneficial,
whereas before it led to significant regressions. It does create a fair
bit of code bloat though.
@newpavlov
Copy link
Member

The mgm CI failure is fixed in #654, so you need to rebase.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Demindiro @newpavlov @tarcieri