| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by tw04 3394 days ago

Intel hass had SHA1/2 acceleration for YEARS via the AES-NI instruction set.

https://en.wikipedia.org/wiki/Intel_SHA_extensions

>There are seven new SSE-based instructions, four supporting SHA-1 and three for SHA-256:

>SHA1RNDS4, SHA1NEXTE, SHA1MSG1, SHA1MSG2, SHA256RNDS2, SHA256MSG1, SHA256MSG2

2 comments

throwawayish 3394 days ago

This is not part of AES-NI and has never been released in a mid-range+ server/desktop CPU, only part of some Atom parts (Goldmont). Therefore software support is poor (I think OpenSSL does not support it). It is said to be included in 2018+ Cannonlake, though.

link

floatboth 3394 days ago

haha nope. This is not a part of AES-NI.

The only processors so far with these extensions are low power Goldmont chips.

https://github.com/weidai11/cryptopp/issues/139

link

Scaevolus 3394 days ago

Goldmont probably has them because it doesn't have the wide AVX pipelines necessary for fast software crypto.

Skylake can compute SHA1 at 4.3-3.4 cycles/B and SHA256 at 7-9 cycles/B [1]. That's ~1GB/s SHA1 and ~500MB/s SHA256.

1: https://bench.cr.yp.to/results-hash.html#amd64-skylake

link