Carry-less Multiplication and GHASH
Sun Yimin edited this page Aug 21, 2023
See Reference 1, pages 35-39.
- The PCLMULQDQ + AES-NI combination for AES-GCM
  - AES-NI facilitates high-performance AES encryption and decryption
  - PCLMULQDQ: 64 x 64 -> 128 (carry-less)
    - Binary polynomial multiplication; speeds up computations in binary fields
  - Using it for AES-GCM:
    - To use it for GHASH computations, a GF(2^128) multiplication is done in two steps:
      - Compute 128 x 128 -> 256 via carry-less multiplication (of 64-bit operands)
      - Reduction: 256 -> 128 modulo x^128 + x^7 + x^2 + x + 1 (done efficiently in software)
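As an added worked example (not code from the original page or from the project this wiki belongs to), the two steps above in portable Go: a bit-serial stand-in for PCLMULQDQ, the 128 x 128 -> 256 product built from four 64-bit carry-less products, the reduction modulo x^128 + x^7 + x^2 + x + 1, and the GHASH chain Y_i = (Y_{i-1} XOR X_i) * H on top of it. It assumes plain polynomial bit order (bit 0 of the low limb is x^0); the bit-reflected block representation that GCM itself uses is left out.

```go
package main

import "fmt"

// U128 is a GF(2^128) element in plain polynomial order: bit 0 of Lo is the
// coefficient of x^0, bit 63 of Hi of x^127. (GCM stores blocks bit-reflected; that step is omitted.)
type U128 struct{ Hi, Lo uint64 }

// clmul64 is the 64x64 -> 128 carry-less product PCLMULQDQ computes, done bit-serially in software.
func clmul64(a, b uint64) (hi, lo uint64) {
	for i := uint(0); i < 64; i++ {
		if (b>>i)&1 == 1 {
			lo ^= a << i
			hi ^= a >> (64 - i) // a >> 64 is 0 in Go, so i == 0 is safe
		}
	}
	return hi, lo
}

// mul256 is the 128x128 -> 256 carry-less product from four 64-bit products; index 0 is the low limb.
func mul256(a, b U128) [4]uint64 {
	h0, l0 := clmul64(a.Lo, b.Lo) // x^0 term
	h1, l1 := clmul64(a.Hi, b.Lo) // x^64 term
	h2, l2 := clmul64(a.Lo, b.Hi) // x^64 term
	h3, l3 := clmul64(a.Hi, b.Hi) // x^128 term
	return [4]uint64{l0, h0 ^ l1 ^ l2, h1 ^ h2 ^ l3, h3}
}

// reduce folds the 256-bit product to 128 bits modulo x^128+x^7+x^2+x+1 by applying
// x^128 ≡ x^7+x^2+x+1 (= 0x87) to the x^192 limb first, then to the x^128 limb.
func reduce(r [4]uint64) U128 {
	h, l := clmul64(r[3], 0x87) // r[3]*x^192 ≡ (r[3]*0x87)*x^64
	r[2], r[1] = r[2]^h, r[1]^l
	h, l = clmul64(r[2], 0x87) // r[2]*x^128 ≡ r[2]*0x87, at most 71 bits wide
	return U128{Hi: r[1] ^ h, Lo: r[0] ^ l}
}

// Mul is the GF(2^128) multiplication GHASH is built on.
func Mul(a, b U128) U128 { return reduce(mul256(a, b)) }

// GHASH over 128-bit blocks with hash key h: Y_i = (Y_{i-1} XOR X_i) * H, starting from Y_0 = 0.
func GHASH(h U128, blocks []U128) (y U128) {
	for _, x := range blocks {
		y = Mul(U128{y.Hi ^ x.Hi, y.Lo ^ x.Lo}, h)
	}
	return y
}

func main() { fmt.Printf("x^64 * x^64 mod P = %#x\n", Mul(U128{Hi: 1}, U128{Hi: 1}).Lo) } // 0x87
```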
1. Cryptographic Hardware and Software and useful architectures
2. The Galois/Counter Mode of Operation (GCM)
3. Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
4. Intel® Carry-Less Multiplication Instruction and its Usage for Computing the GCM Mode
5. Optimized Galois-Counter Mode Implementation on Intel® Architecture Processors
6. Enabling High Performance Galois-Counter Mode on Intel® Architecture Processors