PRNG in GMP
Niels Möller
nisse at lysator.liu.se
Mon Apr 15 12:44:46 UTC 2019
tg at gmplib.org (Torbjörn Granlund) writes:
> Chacha is an alternative, and is surely useful when no AES acceleration
> is available. But AES might actually be (much!) faster on current x86
> hardware:
Hmm. Speed of aes using the special instructions seems better than I
remembered. In my implementation, aes128 is 1.3 cycles/byte, aes256 is
2.0 c/b, and chacha 6.7 c/b. On the other hand, chacha is pretty fast on
any architecture, and can make use of any reasonable set of simd
instructions.
> My main goal is not to provide a PRNG for direct cryptographic use, but
> rather to provide a great and efficient PRNG.
For non-cryptographic purposes, I guess one can also consider chacha
with a reduced number of rounds, but one then loses the advantage of using
a well-established building block.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
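The building block discussed in the thread, shown as an added example: a ChaCha block function (IETF layout of RFC 8439, 32-bit block counter and 96-bit nonce) wrapped as a small word-at-a-time PRNG. This is illustration code written for this page, not GMP's random-number code and not the Nettle implementation whose cycle counts are quoted above. The round count is a parameter so the reduced-round variant Niels mentions can be exercised; only the 20-round form is the vetted construction, and the self-test checks that form against the RFC 8439 section 2.3.2 block-function test vector (key 00..1f, nonce 00:00:00:09:00:00:00:4a:00:00:00:00, counter 1).

```c
/* ChaCha block function used as a PRNG core.  Added illustration code,
 * not GMP or Nettle code.  Layout follows RFC 8439 (IETF ChaCha20):
 * state = 4 constants | 8 key words | 1 counter word | 3 nonce words. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define ROTL32(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d)                                \
    do {                                              \
        a += b; d ^= a; d = ROTL32(d, 16);            \
        c += d; b ^= c; b = ROTL32(b, 12);            \
        a += b; d ^= a; d = ROTL32(d, 8);             \
        c += d; b ^= c; b = ROTL32(b, 7);             \
    } while (0)

static uint32_t load_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* One 64-byte keystream block.  'rounds' must be even; 20 is the
 * standard ChaCha20, anything smaller is the reduced-round variant. */
static void chacha_block(uint32_t out[16], const uint32_t in[16], int rounds)
{
    uint32_t x[16];
    int i;
    memcpy(x, in, sizeof x);
    for (i = 0; i < rounds; i += 2) {
        QR(x[0], x[4], x[8],  x[12]);   /* column round */
        QR(x[1], x[5], x[9],  x[13]);
        QR(x[2], x[6], x[10], x[14]);
        QR(x[3], x[7], x[11], x[15]);
        QR(x[0], x[5], x[10], x[15]);   /* diagonal round */
        QR(x[1], x[6], x[11], x[12]);
        QR(x[2], x[7], x[8],  x[13]);
        QR(x[3], x[4], x[9],  x[14]);
    }
    for (i = 0; i < 16; i++)
        out[i] = x[i] + in[i];  /* feed-forward: block is not invertible */
}

typedef struct {
    uint32_t state[16];  /* constants, key, counter, nonce */
    uint32_t buf[16];    /* current keystream block */
    int pos;             /* next unread word in buf; 16 means empty */
    int rounds;
} chacha_rng;

static void chacha_rng_init(chacha_rng *r, const uint8_t key[32],
                            const uint8_t nonce[12], uint32_t counter,
                            int rounds)
{
    static const uint32_t sigma[4] = {0x61707865, 0x3320646e,
                                      0x79622d32, 0x6b206574};
    int i;
    memcpy(r->state, sigma, sizeof sigma);
    for (i = 0; i < 8; i++)
        r->state[4 + i] = load_le32(key + 4 * i);
    r->state[12] = counter;
    for (i = 0; i < 3; i++)
        r->state[13 + i] = load_le32(nonce + 4 * i);
    r->pos = 16;
    r->rounds = rounds;
}

/* Next 32-bit output word; regenerates a block when the buffer is empty. */
static uint32_t chacha_rng_u32(chacha_rng *r)
{
    if (r->pos == 16) {
        chacha_block(r->buf, r->state, r->rounds);
        r->state[12]++;  /* block counter: 2^32 blocks (256 GiB) per nonce */
        r->pos = 0;
    }
    return r->buf[r->pos++];
}

/* RFC 8439 section 2.3.2 block-function test vector (20 rounds).
 * Returns 1 if the first block matches, 0 otherwise. */
static int chacha_selftest(void)
{
    uint8_t key[32], nonce[12] = {0, 0, 0, 9, 0, 0, 0, 0x4a, 0, 0, 0, 0};
    static const uint32_t expect[16] = {
        0xe4e7f110, 0x15593bd1, 0x1fdd0f50, 0xc47120a3,
        0xc7f4d1c7, 0x0368c033, 0x9aaa2204, 0x4e6cd4c3,
        0x466482d2, 0x09aa9f07, 0x05d7c214, 0xa2028bd9,
        0xd19c12b5, 0xb94e16de, 0xe883d0cb, 0x4e3c50a2};
    chacha_rng r;
    int i;
    for (i = 0; i < 32; i++)
        key[i] = (uint8_t)i;
    chacha_rng_init(&r, key, nonce, 1, 20);
    for (i = 0; i < 16; i++)
        if (chacha_rng_u32(&r) != expect[i])
            return 0;
    return 1;
}

int main(void)
{
    printf("RFC 8439 vector: %s\n", chacha_selftest() ? "ok" : "MISMATCH");
    return 0;
}
```

The point of the counter/nonce layout for a PRNG is that state never has to be rewound: each 64-byte block is derived from key, nonce and counter alone, so seeking and parallel generation are trivial, and the feed-forward at the end of chacha_block keeps an observed output block from revealing the key. Passing rounds smaller than 20 gives the faster, non-standard variant the reply talks about; the self-test only vouches for the 20-round output.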