查看文章

In this short note we present an improvement of about 15% over our performance gures for the MD4-family of hash functions as presented at Crypto'96. The improvement is obtained by substituting n-cycle instructions by n 1-cycle instructions, and reducing the number of instructions by means of the super-add instruction lea, thereby carefully avoiding the dreaded AGI.

In BGV96] we presented optimized implementations of MD4, MD5, SHA-1, RIPEMD, RIPEMD-128 and RIPEMD-160 on Intel's Pentium processor. The goal of this short note is to present an improvement of about 15% over these gures. We refer to BGV96] for an explanation of the terminology used, and to BGV97] for a detailed critical path analysis of these algorithms. In terms of processor pipeline stages the critical path of these new implementations is slightly longer (on the average about 16 stages). However, this lengthening allows us to substitute the single remaining 2-cycle instruction in each step by 2 single cycle instructions. This in itself doesn't reduce the total number of clock cycles (and moreover requires an additional auxiliary register), but if we can move one of these instructions partially or entirely out of the critical path by pairing it with another single cycle instruction, then the overall e ect will be a reduction of the total number of clock cycles. In view of the already high percentage of simple paired instructions of the old implementations BGV96, Table 4], this seems to be an impossible task. However, here the super-add instruction lea comes to our rescue, by allowing us to combine 2 single cycle add instructions into a single instruction taking only 1 cycle, provided the 1-cycle …