[2194] in cryptography@c2.net mail archive
Re:  crypto on MMX
daemon@ATHENA.MIT.EDU (Colin Plumb)
Thu Feb 26 01:08:11 1998
Date: Wed, 25 Feb 1998 21:58:23 -0700 (MST)
From: Colin Plumb <colin@nyx.net>
To: karn@qualcomm.com
Cc: cryptography@c2.net

> My own thinking is that the MMX instruction set is not particularly
> well suited to DES, where most of the work is in dissecting bit
> fields, shifting them around and doing many small table lookups. But
> it might be quite useful in a fast IDEA implementation, where the
> basic operations are arithmetic: addition, XOR and multiplication. It
> might also help in the modmult primitive in most public key ciphers.

IDEA perhaps, although the multiply that IDEA does is a bit tricky,
but not modmult.  The problem is that MMX does not do a full-width
multiply, topping out at (as I recall; it may be smaller) 16x16->32.
It takes 4 of those to make a 32x32->64 which the integer ALU has,
and 16 of them to make the 64x64->128 which the Alpha, MIPS, and
64-bit PowerPC (if it ever gets built) have.

So it turns out not to be a win.  For speed, you want the widest
multiply possible; lots of narrow ones aren't nearly as good.
-- 
	-Colin
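
The multiply counts given in the message above (4 narrow multiplies for a 32x32->64, 16 for a 64x64->128), worked as an added example that is not part of the original message: a schoolbook multiply over 16-bit limbs that uses only 16x16->32 products and counts them. The function names are hypothetical, chosen for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration; all names are hypothetical. Schoolbook multiply of
 * two n-limb numbers (16-bit limbs, least significant first) using only
 * 16x16->32 products. Writes 2n limbs; returns the multiply count. */
static unsigned mul_limbs16(const uint16_t *a, const uint16_t *b,
                            uint16_t *out, size_t n)
{
    unsigned mults = 0;
    for (size_t i = 0; i < 2 * n; i++)
        out[i] = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t carry = 0;
        for (size_t j = 0; j < n; j++) {
            /* 0xFFFF*0xFFFF + 0xFFFF + 0xFFFF == 0xFFFFFFFF: no overflow */
            uint32_t t = (uint32_t)a[i] * b[j] + out[i + j] + carry;
            out[i + j] = (uint16_t)t;
            carry = t >> 16;
            mults++;
        }
        out[i + n] = (uint16_t)carry;
    }
    return mults;
}

/* Reassemble four 16-bit limbs into one 64-bit word. */
static uint64_t join4(const uint16_t *l)
{
    return (uint64_t)l[0] | ((uint64_t)l[1] << 16) |
           ((uint64_t)l[2] << 32) | ((uint64_t)l[3] << 48);
}

/* Multiply the low 16*n bits of a and b (n = 2 for 32x32->64, n = 4 for
 * 64x64->128). Returns the low 64 bits of the product, high 64 in *hi. */
uint64_t mul_wide(uint64_t a, uint64_t b, size_t n,
                  uint64_t *hi, unsigned *mults)
{
    uint16_t la[4] = {0}, lb[4] = {0}, p[8] = {0};
    for (size_t i = 0; i < n; i++) {
        la[i] = (uint16_t)(a >> (16 * i));
        lb[i] = (uint16_t)(b >> (16 * i));
    }
    *mults = mul_limbs16(la, lb, p, n);
    *hi = join4(p + 4);
    return join4(p);
}
```

The count grows as the square of the limb count, and each narrow product also costs an add and a carry step that a single full-width multiply performs internally.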