Paper 2012/476

A j-lanes tree hashing mode and j-lanes SHA-256

Shay Gueron

Abstract

j-lanes hashing is a tree mode that splits an input message to j slices, computes j independent digests of each slice, and outputs the hash value of their concatenation. We demonstrate the performance advantage of j-lanes hashing on SIMD architectures, by coding a 4-lanes-SHA-256 implementation and measuring its performance on the latest 3rd Generation Intel® Core™. For message ranging 2KB to 132KB in length, the 4-lanes SHA-256 is between 1.5 to 1.97 times faster than the fastest publicly available implementation (that we are aware of), and between 1.9 to 2.5 times faster than OpenSSL 1.0.1c. For long messages, there is no significant performance difference between different choices of j. We show that the 4-lanes SHA-256 is faster than the two SHA3 finalists (BLAKE and Keccak) that have a published tree mode implementation. We explain why j-lanes hashing will be even faster on the future AVX2 architecture with 256 bits registers. This suggests that standardizing a tree mode for hash functions (SHA-256 in particular) would deliver significant performance benefits for a multitude of algorithms and usages.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Unknown where it was published
Keywords
Tree mode hashingSHA-256SHA3 competitionSIMD architectureAdvanced Vector Extensions architecturesAVXAVX2.
Contact author(s)
shay @ math haifa ac il
History
2012-08-21: received
Short URL
https://ia.cr/2012/476
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/476,
      author = {Shay Gueron},
      title = {A j-lanes tree hashing mode and j-lanes SHA-256},
      howpublished = {Cryptology ePrint Archive, Paper 2012/476},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/476}},
      url = {https://eprint.iacr.org/2012/476}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.