On Wed, 2016-12-21 at 15:42 +0100, Jason A. Donenfeld wrote: > Hi Eric, > > I computed performance numbers for both 32-bit and 64-bit using the > actual functions in which talking about replacing MD5 with SipHash. > The basic harness is here [1] if you're curious. SipHash was a pretty > clear winner for both cases. > > x86_64: > [ 1.714302] secure_tcpv6_sequence_number_md5# cycles: 102373398 > [ 1.747685] secure_tcp_sequence_number_md5# cycles: 92042258 > [ 1.773522] secure_tcpv6_sequence_number_siphash# cycles: 70786533 > [ 1.798701] secure_tcp_sequence_number_siphash# cycles: 68941043 > > x86: > [ 1.635749] secure_tcpv6_sequence_number_md5# cycles: 106016335 > [ 1.670259] secure_tcp_sequence_number_md5# cycles: 95670512 > [ 1.708387] secure_tcpv6_sequence_number_siphash# cycles: 105988635 > [ 1.740264] secure_tcp_sequence_number_siphash# cycles: 88225395 > > >>> 102373398 > 70786533 > True > >>> 92042258 > 68941043 > True > >>> 106016335 > 105988635 > True > >>> 95670512 > 88225395 > True > > While MD5 is probably faster for some kind of large-data > cycles-per-byte, due to its 64-byte internal state, SipHash -- the > "Sip" part standing "Short Input PRF" -- is fast for shorter inputs. > In practice with the functions we're talking about replacing, there's > no need to hash 64-bytes. So, SipHash comes out faster and more > secure. > > I also haven't begun to look focusedly at the assembly my SipHash > implemention is generating, which means there's still window for even > more performance improvements. > > Jason > > > [1] https://git.zx2c4.com/linux-dev/tree/net/core/secure_seq.c?h=siphash-bench#n194 Now I am quite confused. George said : > Cycles per byte on 1024 bytes of data: > Pentium Core 2 Ivy > 4 Duo Bridge > SipHash-2-4 38.9 8.3 5.8 > HalfSipHash-2-4 12.7 4.5 3.2 > MD5 8.3 5.7 4.7 That really was for 1024 bytes blocks, so pretty much useless for our discussion ? Reading your numbers last week, I thought SipHash was faster, but George numbers are giving the opposite impression. I do not have a P4 to make tests, so I only can trust you or George. Thanks. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html