[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: scrypt Integerify

To: Solar Designer <solar@openwall.com>
Subject: Re: scrypt Integerify
From: Colin Percival <cperciva@tarsnap.com>
Date: Sun, 18 Nov 2012 03:19:46 -0800
Cc: scrypt@tarsnap.com
In-reply-to: <20121117051705.GA16491@openwall.com>
References: <20121117051705.GA16491@openwall.com>

On 11/16/12 21:17, Solar Designer wrote:
> Curiously, the scrypt paper does not appear to fully define Integerify().

Definition 3 specifies that Integerify(B_0 .. B_{2 r - 1}) is defined as
the result of interpreting B_{2 r - 1} as a little-endian integer.

> The code uses:
> 
> static inline uint64_t
> integerify(void * B, size_t r)
> {
> 	uint32_t * X = (void *)((uintptr_t)(B) + (2 * r - 1) * 64);
> 
> 	return (((uint64_t)(X[13]) << 32) + X[0]);
> }
> 
> However, this also works fine (on little-endian), except for very large
> values of N, where it'd differ:
> 
> integerify(void * B, size_t r)
> {
> 	return *(uint64_t *)((uintptr_t)(B) + (2 * r - 1) * 64);
> }
> 
> Obviously, this is slightly smaller and faster code.

Smaller and faster but not the same computation...

> Perhaps the intent behind using X[13]...

I can't actually remember how interpreting B[2r - 1] as a little-endian
value turned into accessing X[13]... did I permute the data somehow when
I went from the -ref code to the -sse code?  It was a long time ago that
I wrote that...

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid

Follow-Ups:
- Re: scrypt Integerify
  - From: Solar Designer <solar@openwall.com>

References:
- scrypt Integerify
  - From: Solar Designer <solar@openwall.com>

Prev by Date: Re: scrypt time-memory tradeoff
Next by Date: Re: scrypt time-memory tradeoff
Previous by thread: Re: scrypt Integerify
Next by thread: Re: scrypt Integerify
Index(es):
- Date
- Thread