Hi Jonathan, On Wed, 13 Sep 2017, Jonathan Nieder wrote:
> [3] https://www.imperialviolet.org/2017/05/31/skipsha3.html, I had read this short after it was published, and had missed the updates. One link in particular caught my eye: https://eprint.iacr.org/2012/476 Essentially, the authors demonstrate that using SIMD technology can speed up computation by factor 2 for longer messages (2kB being considered "long" already). It is a little bit unclear to me from a cursory look whether their fast algorithm computes SHA-256, or something similar. As the author of that paper is also known to have contributed to OpenSSL, I had a quick look and it would appear that a comment in crypto/sha/asm/sha256-mb-x86_64.pl speaking about "lanes" suggests that OpenSSL uses the ideas from the paper, even if b783858654 (x86_64 assembly pack: add multi-block AES-NI, SHA1 and SHA256., 2013-10-03) does not talk about the paper specifically. The numbers shown in https://github.com/openssl/openssl/blob/master/crypto/sha/asm/keccak1600-x86_64.pl#L28 and in https://github.com/openssl/openssl/blob/master/crypto/sha/asm/sha256-mb-x86_64.pl#L17 are sufficiently satisfying. Ciao, Dscho
