Cryptology ePrint Archive: Report 2012/476

A j-lanes tree hashing mode and j-lanes SHA-256

Shay Gueron

Abstract: j-lanes hashing is a tree mode that splits an input message to j slices, computes j independent digests of each slice, and outputs the hash value of their concatenation. We demonstrate the performance advantage of j-lanes hashing on SIMD architectures, by coding a 4-lanes-SHA-256 implementation and measuring its performance on the latest 3rd Generation Intel® Core™. For message ranging 2KB to 132KB in length, the 4-lanes SHA-256 is between 1.5 to 1.97 times faster than the fastest publicly available implementation (that we are aware of), and between 1.9 to 2.5 times faster than OpenSSL 1.0.1c. For long messages, there is no significant performance difference between different choices of j. We show that the 4-lanes SHA-256 is faster than the two SHA3 finalists (BLAKE and Keccak) that have a published tree mode implementation. We explain why j-lanes hashing will be even faster on the future AVX2 architecture with 256 bits registers. This suggests that standardizing a tree mode for hash functions (SHA-256 in particular) would deliver significant performance benefits for a multitude of algorithms and usages.

Category / Keywords: implementation / Tree mode hashing, SHA-256, SHA3 competition, SIMD architecture, Advanced Vector Extensions architectures, AVX, AVX2.

Date: received 18 Aug 2012, last revised 21 Aug 2012

Contact author: shay at math haifa ac il

Available format(s): PDF | BibTeX Citation

Version: 20120821:225519 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]