[136514] in cryptography@c2.net mail archive
Re: the skein hash function
daemon@ATHENA.MIT.EDU (Bill Stewart)
Thu Oct 30 11:28:43 2008
Date: Wed, 29 Oct 2008 23:30:27 -0700
To: Cryptography List <cryptography@metzdowd.com>
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <20081029172413.GJ11968@leitl.org>
Eugen Leitl and Stephan Somogyi <cryptography@lt.gross.net> wrote
about the Skein hash function announcement.
>http://www.schneier.com/blog/archives/2008/10/the_skein_hash.html?1
> http://www.schneier.com/skein.html
One thing I noticed on a first read-through was
a discussion of speed for ASICs vs. general CPUs.
Their implementation on CPUs was about 4 Gbps/core,
and their estimate of ASIC speed was about 5 Gbps
using about 80K gates worth of ASIC,
and their hash-tree mode makes parallelization efficient.
Their conclusion was that ASICs don't give you
much of a speedup, but may save power or cost.
A quick google-look at ASICs showed a number
in the range of 300K-20M gates,
so hash-trees could probably get speedups of up to 20-100x
if you can keep from becoming input-speed-bound.
The 300K chips were about $6, 5M at $50 and 350MHz,
which is somewhat faster than the Skein team estimate,
and some of the denser chips didn't mention price
but were starting to use 45nm technology.
So if Skein becomes popular, ASIC accelerator hardware
may be practical for higher-speed applications.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
