PRNG i GMP
tg at gmplib.org
Mon Apr 15 13:50:47 UTC 2019
nisse at lysator.liu.se (Niels Möller) writes:
Hmm. Speed of aes using the special instructions seem better than I
remembered. In my implementation, aes128 is 1.3 cycles/byte, aes256 is
2.0 c/b, and chacha 6.7 c/b. On the other hand, chacha is pretty fast on
any architecture, and can make use of any reasonable set of simd
The performance is awesome.
A possible disadvantage is non-x86 hardware. I know Arm has someting,
but instruction availablility on Arm is an absolute nightmare.
I dunno about POWER.
Our current default PRNG is also very fast, IIRC it does on the order of
10 Gbit/s on current hardware.
I don't think we need to squeeze every cycle out of GMP's PRNG
functions. They should be fast enough not to bootleneck testing, and be
I widely understood algorithm is also a big advantage.
For non-cryptographic purposes, I guess one can also consider chacha
with reduced number of rounds, but one then loses the advantage of using
a well-establiched building block.
If we use chacha with fewer rounds, we should perhaps not mention chacha
in the docs, as else somebody would surely use it for something
cryptographic and get a surprise.
Please encrypt, key id 0xC8601622
More information about the gmp-devel