
Commit bb3b13b

ghash: base degree of parallelism on polyval (#291)
We currently choose a value of 1 for the software backend, or 8 if we're using intrinsics, where the latter can best exploit the powers-of-H optimization (or, going forward, the R/F algorithm in #290). The "parallelism" here represents the number of blocks we process in a single logical operation from the API perspective. The actual processing is also parallel in that it uses ILP, but blocks are still ultimately processed in sequence. However, the aforementioned optimizations eliminate some of the computations we'd otherwise perform processing input a block-at-a-time, like deferring or even completely eliminating Montgomery reductions.

All that said, `ghash` was unconditionally always using 8-block inputs, even if the software backend was in use. The software backend now implements powers-of-H for consistency, but it seems unlikely to provide much benefit, especially compared to the benefit for when intrinsics are available, and that still holds for the R/F algorithm as explicitly stated in the paper.

This re-exports a `polyval::DEFAULT_PARALLELISM` constant which is conditionally set to 1 or 8 depending on if the `soft` backend is in use, and has `ghash` use that to decide its degree of parallelism (which, ultimately, is selecting the degree of parallelism to use in the `polyval` core it's built on).
1 parent 6433e64 commit bb3b13b

2 files changed

Lines changed: 14 additions & 15 deletions

File tree

ghash/src/lib.rs

Lines changed: 9 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88

99
pub use polyval::universal_hash;
1010

11-
use polyval::PolyvalGeneric;
11+
use polyval::{DEFAULT_PARALLELISM, PolyvalGeneric};
1212
use universal_hash::{
1313
KeyInit, UhfBackend, UhfClosure, UniversalHash,
1414
array::ArraySize,
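Review bot: the new `use polyval::{DEFAULT_PARALLELISM, PolyvalGeneric};` makes `ghash` depend on a constant that `polyval` only starts exporting in this same commit (see the `polyval/src/lib.rs` hunk that adds it), yet only the two `lib.rs` files change here, so `ghash`'s `Cargo.toml` is not bumped to require the matching `polyval` release; building or publishing `ghash` against an older `polyval` would then fail on an unresolved import. Consider raising the `polyval` dependency version alongside this change, or noting that the two crates are only ever released in lockstep.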
@@ -31,23 +31,19 @@ pub type Tag = universal_hash::Block<GHash>;
3131

3232
/// **GHASH**: universal hash over GF(2^128) used by AES-GCM.
3333
///
34-
/// GHASH is a universal hash function used for message authentication in
35-
/// the AES-GCM authenticated encryption cipher.
36-
pub type GHash = GHashGeneric<8>;
34+
/// GHASH is a universal hash function used for message authentication in the AES-GCM authenticated
35+
/// encryption cipher.
36+
pub type GHash = GHashGeneric<{ DEFAULT_PARALLELISM }>;
3737

3838
/// **GHASH**: universal hash over GF(2^128) used by AES-GCM.
3939
///
40-
/// GHASH is a universal hash function used for message authentication in
41-
/// the AES-GCM authenticated encryption cipher.
40+
/// GHASH is a universal hash function used for message authentication in the AES-GCM authenticated
41+
/// encryption cipher.
4242
///
43-
/// Paramaterized on a constant that determines how many
44-
/// blocks to process at once: higher numbers use more memory,
45-
/// and require more time to re-key, but process data significantly
46-
/// faster.
47-
///
48-
/// (This constant is not used when acceleration is not enabled.)
43+
/// Parameterized on a constant that determines how many blocks to process at once: higher numbers
44+
/// use more memory, and require more time to re-key, but process data significantly faster.
4945
#[derive(Clone)]
50-
pub struct GHashGeneric<const N: usize = 8>(PolyvalGeneric<N>);
46+
pub struct GHashGeneric<const N: usize = { DEFAULT_PARALLELISM }>(PolyvalGeneric<N>);
5147

5248
impl<const N: usize> KeySizeUser for GHashGeneric<N> {
5349
type KeySize = U16;
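Review bot: the `GHash` alias now resolves to `GHashGeneric<{ DEFAULT_PARALLELISM }>`, but its doc comment (new lines 34-35) still reads as if the degree of parallelism were fixed, whereas `polyval`'s equivalent `Polyval` alias documents the selected value (`8` for `aarch64`/`x86`, `1` for the pure Rust fallback). Suggest adding the same sentence here, along the lines of `/// This type alias uses the default amount of parallelism for the target.`, so users of `ghash` can see that the default changed from an unconditional 8 to a backend-dependent value.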

polyval/src/lib.rs

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,9 @@ pub const BLOCK_SIZE: usize = 16;
3434
/// Size of a POLYVAL key in bytes
3535
pub const KEY_SIZE: usize = 16;
3636

37+
/// Default degree of parallelism to use.
38+
pub const DEFAULT_PARALLELISM: usize = FieldElement::DEFAULT_PARALLELISM;
39+
3740
/// POLYVAL keys (16-bytes)
3841
pub type Key = Array<u8, U16>;
3942

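Review bot: the doc comment on the new `DEFAULT_PARALLELISM` constant (`/// Default degree of parallelism to use.`) does not say what determines the value, even though downstream crates such as `ghash` now build their default types on it. Suggest stating the rule given in the commit message in the doc comment: `8` when a CPU intrinsics backend is in use, `1` for the pure Rust (`soft`) backend.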
@@ -47,7 +50,7 @@ pub type Tag = Array<u8, U16>;
4750
///
4851
/// This type alias uses the default amount of parallelism for the target (`8` for `aarch64`/`x86`,
4952
/// `1` for other targets using a pure Rust fallback implementation).
50-
pub type Polyval = PolyvalGeneric<{ FieldElement::DEFAULT_PARALLELISM }>;
53+
pub type Polyval = PolyvalGeneric<{ DEFAULT_PARALLELISM }>;
5154

5255
/// **POLYVAL**: GHASH-like universal hash over GF(2^128).
5356
///
@@ -56,7 +59,7 @@ pub type Polyval = PolyvalGeneric<{ FieldElement::DEFAULT_PARALLELISM }>;
5659
///
5760
/// (This constant is not used when acceleration is not enabled.)
5861
#[derive(Clone)]
59-
pub struct PolyvalGeneric<const N: usize = { FieldElement::DEFAULT_PARALLELISM }> {
62+
pub struct PolyvalGeneric<const N: usize = { DEFAULT_PARALLELISM }> {
6063
/// Powers of H in descending order.
6164
///
6265
/// (H^N, H^(N-1)...H)
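Review bot: the unchanged context line `/// (This constant is not used when acceleration is not enabled.)` on `PolyvalGeneric` now contradicts the commit message, which states that the software backend implements powers-of-H, and the matching sentence was already dropped from `GHashGeneric`'s docs in the `ghash/src/lib.rs` hunk. Suggest removing or rewording it here as well so the two crates' docs agree.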
