On Sun, Oct 11, 2020 at 2:03 PM Niels Möller wrote:
>
> Jeffrey Walton writes:
>
> > I may be mistaken, but I believe 64-bit poly multiplies are available.
> > Or they are available on Aarch64 with Crypto extensions.
>
> I'm looking in the Arm Instruction Set Reference Guide, labeled version
>
Jeffrey Walton writes:

> I may be mistaken, but I believe 64-bit poly multiplies are available.
> Or they are available on Aarch64 with Crypto extensions.

I'm looking in the Arm Instruction Set Reference Guide, labeled version
1.0, 2018.
It includes a section on cryptographic instructions, but

On Sun, Oct 11, 2020 at 1:42 PM Niels Möller wrote:
>
> ni...@lysator.liu.se (Niels Möller) writes:
>
> > So if we have the input in register A (loaded from memory with no
> > processing besides ensuring proper *byte* order), and precompute two
> > values, M representing b_1(x) x^64 + c_1(x), and
levels), at the cost of more xors and data movement instructions, and
lots of complexity.
(There has been ARM Neon code for gcm posted to the list earlier, but if I
remember correctly, that code didn't work in bit-reversed representation,
but used a bunch of explicit reversal operations).
Regards,