AEZ (Duh)

Yawning Angel 043b73f8eb Don't bother checking osxsave, we don't use ymm registers. 1 month ago
.gitignore c7de081252 Add a .gitignore. 1 month ago
LICENSE 683c76725c Add a LICENSE file. 1 month ago
README.md 9f2d4d68fd Add some benchmark output. (No functional changes) 1 month ago
aead.go deddc61482 Make the Encrypt/Decrypt API more like the AEAD one. 1 month ago
aez.go e9323463bc Misc cleanup: 1 month ago
aez_amd64.go 043b73f8eb Don't bother checking osxsave, we don't use ymm registers. 1 month ago
aez_amd64.py da0b9cb6d7 Be consistent about which param is ECX for CPUID. 1 month ago
aez_amd64.s da0b9cb6d7 Be consistent about which param is ECX for CPUID. 1 month ago
aez_ref.go 8d0ccfa0ec Fix the non-amd64 build. 1 month ago
aez_test.go 1fec875fa1 Clean up benchmarks to use sub-benchmarks. 1 month ago
round_bitsliced32.go f3750049d0 The bsaes package doesn't export dummy structs for impls anymore. 1 month ago
round_bitsliced64.go f3750049d0 The bsaes package doesn't export dummy structs for impls anymore. 1 month ago
round_vartime.go f865b39620 Bring back the vartime round function. 1 month ago

README.md

aez - AEZ (Duh)

Yawning Angel (yawning at schwanenlied dot me)

This is an implementation of AEZ, primarily based on the reference code. It appears to be correct and the output matches test vectors.

Features:

  • Constant time, always.
  • Will use AES-NI if available on AMD64.
  • Unlike the aesni code, supports a vector of AD, nbytes > 16, and tau > 16.

Benchmarks:

| Version | Message Size (bytes) | ns/op | MB/s |
|---|---|---|---|
| aesni | 1 | 2430 | 0.41 |
| aesni | 32 | 2161 | 14.80 |
| aesni | 512 | 2491 | 205.51 |
| aesni | 1024 | 2608 | 392.52 |
| aesni | 2048 | 2922 | 700.74 |
| aesni | 4096 | 3669 | 1116.12 |
| aesni | 8192 | 5096 | 1607.43 |
| aesni | 16384 | 7892 | 2075.93 |
| aesni | 32768 | 13214 | 2479.65 |
| aesni | 65536 | 24416 | 2684.11 |
| aesni | 1024768 | 381778 | 2684.20 |
| ct64 (no-asm) | 1 | 7185 | 0.14 |
| ct64 (no-asm) | 32 | 9081 | 3.52 |
| ct64 (no-asm) | 512 | 26117 | 19.60 |
| ct64 (no-asm) | 1024 | 40259 | 25.43 |
| ct64 (no-asm) | 2048 | 67867 | 30.18 |
| ct64 (no-asm) | 4096 | 124411 | 32.92 |
| ct64 (no-asm) | 8192 | 241456 | 33.93 |
| ct64 (no-asm) | 16394 | 462033 | 35.46 |
| ct64 (no-asm) | 32768 | 914127 | 35.85 |
| ct64 (no-asm) | 65536 | 1804397 | 36.32 |
| ct64 (no-asm) | 1024768 | 27380841 | 37.43 |
| ct32 (no-asm) | 1 | 6482 | 0.15 |
| ct32 (no-asm) | 32 | 8673 | 3.69 |
| ct32 (no-asm) | 512 | 26926 | 19.01 |
| ct32 (no-asm) | 1024 | 45842 | 22.34 |
| ct32 (no-asm) | 2048 | 83350 | 24.57 |
| ct32 (no-asm) | 4096 | 159436 | 25.69 |
| ct32 (no-asm) | 8192 | 322488 | 25.40 |
| ct32 (no-asm) | 16394 | 618034 | 26.51 |
| ct32 (no-asm) | 32768 | 1200462 | 27.30 |
| ct32 (no-asm) | 65536 | 2366829 | 27.69 |
| ct32 (no-asm) | 1024768 | 37128937 | 27.60 |

All numbers were taken on an Intel i7-5600U with Turbo Boost disabled, running on linux/amd64. A 16 byte authenticator (tau) and no AD were used for each test. Even on systems without AES-NI, certain operations (e.g., XORs) are done using SSE2, but for the purposes of benchmarking this was disabled for the ct64/ct32 tests.