ziglang / zig

General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software.
https://ziglang.org
MIT License

std.crypto.aes: introduce AES block vectors #22023

Closed jedisct1 closed 9 hours ago

jedisct1 commented 3 days ago

Modern Intel CPUs with the VAES extension can handle more than a single AES block per instruction.

So can some ARM and RISC-V CPUs. Software implementations with bitslicing can also greatly benefit from this.

Implement low-level operations on AES block vectors, and the parallel AEGIS variants on top of them.

AMD Zen4:

  aegis-128x4:      73225 MiB/s
  aegis-128x2:      51571 MiB/s
   aegis-128l:      25806 MiB/s
  aegis-256x4:      46742 MiB/s
  aegis-256x2:      30227 MiB/s
    aegis-256:       8436 MiB/s
   aes128-gcm:       5926 MiB/s
   aes256-gcm:       5085 MiB/s

AES-GCM, and anything based on AES-CTR, are also going to benefit from this later.
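The following is an added usage example, not code from the PR or from the Zig project: it exercises one of the parallel AEGIS variants this change adds through the standard `std.crypto` AEAD interface (`encrypt`/`decrypt` with `key_length`, `nonce_length`, `tag_length` constants). The type names `std.crypto.aead.aegis.Aegis128X4` and `Aegis128L` are assumed to match the std tree after this PR is merged; check them against your std version. Beyond the round trip, it shows the two checks a practitioner should care about: a single flipped ciphertext bit or altered associated data must yield `error.AuthenticationFailed`, and AEGIS-128X4 is a distinct cipher from AEGIS-128L (same key and nonce, different ciphertext), so it is an interoperability choice, not a transparent speed-up.

```zig
const std = @import("std");
const aegis = std.crypto.aead.aegis;

// Names assumed to match std.crypto after this PR: AEGIS-128X4 is one of the
// parallel (block-vector) variants it adds; AEGIS-128L is the existing single-lane cipher.
const Aegis128X4 = aegis.Aegis128X4;
const Aegis128L = aegis.Aegis128L;

const nonce_len = Aegis128X4.nonce_length;
const tag_len = Aegis128X4.tag_length;

/// Seal `msg` with AEGIS-128X4 under a fresh random nonce.
/// Output layout: nonce || ciphertext || tag, so the receiver has everything it needs.
fn seal(out: []u8, msg: []const u8, ad: []const u8, key: [Aegis128X4.key_length]u8) void {
    std.debug.assert(out.len == nonce_len + msg.len + tag_len);
    var nonce: [nonce_len]u8 = undefined;
    // A nonce must never repeat under one key; AEGIS-128X4 has a 128-bit nonce,
    // so drawing it from the CSPRNG is the simplest safe choice.
    std.crypto.random.bytes(&nonce);
    @memcpy(out[0..nonce_len], &nonce);
    var tag: [tag_len]u8 = undefined;
    Aegis128X4.encrypt(out[nonce_len .. nonce_len + msg.len], &tag, msg, ad, nonce, key);
    @memcpy(out[nonce_len + msg.len ..], &tag);
}

/// Open a sealed buffer. Fails if the tag does not verify; the AEAD then leaves
/// no partial plaintext in `out` that a caller could mistakenly act on.
fn open(out: []u8, sealed: []const u8, ad: []const u8, key: [Aegis128X4.key_length]u8) !void {
    if (sealed.len < nonce_len + tag_len or out.len != sealed.len - nonce_len - tag_len)
        return error.InvalidLength;
    var nonce: [nonce_len]u8 = undefined;
    @memcpy(&nonce, sealed[0..nonce_len]);
    var tag: [tag_len]u8 = undefined;
    @memcpy(&tag, sealed[sealed.len - tag_len ..]);
    try Aegis128X4.decrypt(out, sealed[nonce_len .. sealed.len - tag_len], tag, ad, nonce, key);
}

test "AEGIS-128X4: round trip, tamper detection, distinct from AEGIS-128L" {
    // Constructed test inputs; a real key comes from a KDF or key exchange.
    const key = [_]u8{0x42} ** Aegis128X4.key_length;
    const ad = "record header v1";
    const msg = "AES block vectors drive several AES states per instruction";

    var sealed: [nonce_len + msg.len + tag_len]u8 = undefined;
    seal(&sealed, msg, ad, key);

    var plain: [msg.len]u8 = undefined;
    try open(&plain, &sealed, ad, key);
    try std.testing.expectEqualSlices(u8, msg, &plain);

    // Flip one ciphertext bit: decryption must fail and `plain` must not be trusted.
    var tampered = sealed;
    tampered[nonce_len] ^= 0x80;
    try std.testing.expectError(error.AuthenticationFailed, open(&plain, &tampered, ad, key));

    // Associated data is authenticated even though it is not encrypted.
    try std.testing.expectError(error.AuthenticationFailed, open(&plain, &sealed, "record header v2", key));

    // AEGIS-128X4 is a separate cipher, not a faster encoding of AEGIS-128L: with the
    // same key and nonce the two produce different ciphertexts, so both peers must
    // agree on the variant before X2/X4 can be used on the wire.
    var nonce: [nonce_len]u8 = undefined;
    @memcpy(&nonce, sealed[0..nonce_len]);
    var c_128l: [msg.len]u8 = undefined;
    var tag_128l: [Aegis128L.tag_length]u8 = undefined;
    Aegis128L.encrypt(&c_128l, &tag_128l, msg, ad, nonce, key);
    try std.testing.expect(!std.mem.eql(u8, &c_128l, sealed[nonce_len .. nonce_len + msg.len]));
}
```

Run it with `zig test aegis_x4_example.zig` on a std that contains the variants from this PR. The throughput numbers above come from the AES block-vector path; on a CPU without VAES (or the ARM/RISC-V equivalents) the same code still works through the software or single-block path, just without the speed-up, so the variant choice should be driven by what the peer supports rather than by the local CPU.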

jedisct1 commented 2 days ago

MACs:

  aegis-128x4 mac:      71291 MiB/s
  aegis-128x2 mac:      62049 MiB/s
   aegis-128l mac:      31178 MiB/s
  aegis-256x4 mac:      28398 MiB/s
  aegis-256x2 mac:      15602 MiB/s
    aegis-256 mac:       8226 MiB/s
   siphash128-1-3:       7064 MiB/s
   siphash128-2-4:       4277 MiB/s
      hmac-sha256:       2126 MiB/s
      hmac-sha512:        742 MiB/s