Unoptimized BLAKE2b

*Issue reported in the context of Kudelski Security's audit*

The implementation does not leverage vectorized instructions. For example, on platforms supporting AVX2, a reference, portable implemnentations is about 40% slower than an AVX2 implementation, as reported on a Cannonlake microarchitecture benchmark from [SUPERCOP](http://bench.cr.yp.to/web-impl/amd64-cannon-crypto_hash.html).

An AVX2 implementation of BLAKE2b can be found in the SUPERCOP archive as well as in [Libsodium](https://github.com/jedisct1/libsodium/blob/1.0.16/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h).
An AVX512-optimized version of BLAKE2s (not BLAKE2b) is used in [Wireguard](https://git.zx2c4.com/WireGuard/tree/src/crypto/zinc/blake2s/blake2s-x86_64.S).
Similar techniques may be used to optimize BLAKE2b for the AVX512 instruction set.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Unoptimized BLAKE2b #60

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Unoptimized BLAKE2b #60

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions