Re: AES will be announced monday.

On Fri, Sep 29, 2000 at 09:52:01PM +0000, Marc Mutz wrote:
> Gisle Sælensminde wrote:
> > 
> > See: http://csrc.nist.gov/encryption/aes/
> > 
> > TIME:  11:00 a.m. Eastern Daylight Time.
> > 
> <snip>
> 
> Anyone wants to bet? I'd say one of Twofish, Serpent, Rijndael. To be
> precise, I'd say Serpent. Because it is fastest in HW and the most
> secure. Software performance was never really high on NIST's list (see
> DES). Twofish, while equally secure as Serpent, is very complicated and
> Rijndael can only be elected if the number of rounds is increased, which
> implies a relative performance loss w.r.t. the other two.
> 
> RC6, though fast and simple, is patented and I don't like that so I
> don't want that. MARS is inefficient everywhere and hasn't got a single
> outstanding advantage over the others.
> 
> Sssssssserpent.
> 

I'd like serpent to win also.  The newest implementation in the
kerneli patch is almost twice as fast as the previous one on Pentium
III, and thus the fastest of all the AES candidates in software too!
And it is definitively the cipher that will benefit the most from the
new SSE2 instruction set that comes with the Pentium 4.  I expect that
serpent will reach 5-600Mb/s on a 1.3GHz Pentium 4.

The killer with serpent is that you don't need memory accesses which
means that it is the most parallelizable of the ciphers.  Rijndael is
said to be parallelizable, but it requires sbox lookups, so to me that
doesn't make any sense.  No major CPU has "scatter-gather" vector
reads from memory!

So serpent is fastest in software, in hardware, and has a high
security standard.

Also, the performance of serpent has tripled during 1/2 a year on
Pentium III.  I know for certain that I can get another 25% performance
out of the implementation I'm working on.  Also there are improvements
that can be had when more efficient bitslice-implementations of the
sboxes are found. The ones currently used, for instance, do not
exploit the ANDN MMX instruction.  It wouldn't surprise me if
serpent had another 5-10% in this area.

astor

-- 
Alexander Kjeldaas                Mail:  astor@xxxxxxx
finger astor@xxxxxxxxxxxxxxxxx for OpenPGP key.

Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
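The "no memory accesses" point above comes from bitslicing: each of Serpent's 4-bit S-boxes is evaluated as boolean operations on four 32-bit registers, so 32 lookups proceed in parallel without a table in memory. The following is an added illustration, not code from the kerneli patch or from the author: a generic bitsliced S-box built from its truth table, checked against ordinary table lookups. The table is Serpent's S0 from the Serpent specification; the function names and sample input are this example's own.

```c
#include <stdint.h>
/* Serpent S-box 0 as given in the Serpent specification (4-bit in, 4-bit out). */
static const uint8_t SERPENT_S0[16] = {3,8,15,1,10,6,5,11,14,13,4,2,7,0,9,12};
/* Bitsliced S-box: x[b] holds bit b of 32 independent nibbles, one per bit
 * position ("lane"), so all 32 lookups happen at once using only AND/OR/NOT
 * on registers and no memory access. Plain sum-of-minterms form, not the
 * hand-optimised short instruction sequences a real implementation uses. */
static void sbox_bitsliced(const uint8_t tbl[16], const uint32_t x[4], uint32_t y[4])
{
    y[0] = y[1] = y[2] = y[3] = 0;
    for (int in = 0; in < 16; in++) {
        uint32_t m = 0xFFFFFFFFu;                  /* lanes whose input == in */
        for (int b = 0; b < 4; b++)
            m &= ((in >> b) & 1) ? x[b] : ~x[b];   /* "m & ~x[b]" is one ANDN */
        for (int b = 0; b < 4; b++)
            if ((tbl[in] >> b) & 1) y[b] |= m;     /* set output bit b in those lanes */
    }
}
/* Look up one nibble via the bitsliced path (all 32 lanes carry the same value). */
int s0_via_bitslice(unsigned in)
{
    uint32_t x[4], y[4];
    for (int b = 0; b < 4; b++) x[b] = ((in >> b) & 1) ? 0xFFFFFFFFu : 0;
    sbox_bitsliced(SERPENT_S0, x, y);
    return (int)((y[0] & 1) | (y[1] & 1) << 1 | (y[2] & 1) << 2 | (y[3] & 1) << 3);
}
/* Return 1 iff the bitsliced result equals 32 ordinary table lookups (the
 * memory-access version it replaces) for every lane, else 0. */
int bitslice_matches_lookup(const uint8_t tbl[16], const uint8_t nib[32])
{
    uint32_t x[4] = {0, 0, 0, 0}, y[4];
    for (int i = 0; i < 32; i++)                   /* pack: bit i of plane b = bit b of nibble i */
        for (int b = 0; b < 4; b++)
            x[b] |= (uint32_t)((nib[i] >> b) & 1) << i;
    sbox_bitsliced(tbl, x, y);
    for (int i = 0; i < 32; i++) {
        uint8_t v = 0;                             /* unpack lane i of the result */
        for (int b = 0; b < 4; b++) v |= (uint8_t)(((y[b] >> i) & 1) << b);
        if (v != tbl[nib[i] & 15]) return 0;
    }
    return 1;
}
/* Self-test on a constructed input that covers all 16 nibble values twice. */
int serpent_s0_selftest(void)
{
    uint8_t nib[32];
    for (int i = 0; i < 32; i++) nib[i] = (uint8_t)((i * 7 + 3) & 15);
    return bitslice_matches_lookup(SERPENT_S0, nib);
}
```

The minterm loop is where the ANDN remark applies: every `~x[b]` folded into `m` is one and-not, which is why a better boolean decomposition of the S-box directly shortens the instruction sequence.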

