This is an optimized implementation of the [SUNDAE](https://tosc.iacr.org/index.php/ToSC/article/view/7296/6470) AEAD cipher using x86_64 instructions. SUNDAE reached the second stage of the [NIST lightweight cryptography competition](https://csrc.nist.gov/Projects/lightweight-cryptography) as part of SUNDAE-GIFT and generally pairs well with low-area, low-power-consumption block ciphers (like GIFT), because it was specifically designed for resource-constrained environments such as IoT devices. It can also be used as a MAC algorithm, if only associated data is provided.
This pull request contains a full implementation of the mode, no features missing (at least to my knowledge), though it would definitely be nice to implement an ARM version in the future.
It comes with a pre-defined `SundaeAes` type using `Aes128` as the underlying block cipher, though I think I would swap that out for GIFT once [#322](https://github.com/RustCrypto/block-ciphers/pull/322) is approved.
I was able to benchmark an optimized C implementation against this one and found that both perform almost equally, with C being around 0.4 cpb faster for smaller buffer sizes and 0.12 cpb faster for bigger buffer sizes. On an Intel Core i7 8700K with a 3.7 GHz core clock the Rust implementation performed at 5.595 - 5.387 cpb and the C implementation at 5.18 - 5.265 cpb for buffer sizes from 1 KiB to 16 KiB, both using `Aes128` as the block cipher.
The crate is `no_std`, but one thing I have to point out is that I am using the `u8x16` type from `core::simd`, which requires me to enable `#![feature(portable_simd)]`, because it is still considered an unstable library feature.