Nicolas Brunie
Nicolas Brunie
@kdockser it seems our ordering is not consistent in https://github.com/riscv/riscv-crypto/blob/master/doc/vector/insns/vsha2c.adoc Should `a` be the least significant element (element 0, bytes 0 to 3 for SHA-256 and bytes 0 to 7...
The GHASH spec https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf specifies (page 12) the main operation as ``` For i = 1, ..., m, let Yi = (Yi-1 ⊕ Xi) • H ``` This correspond to...
- TODO: @mjosaarinen suggested reviewing parallel mode - the ACCMUL variant requires an extra final XOR and an initial materialization of 0 in a vector. - @mjosaarinen : this op...
@mjosaarinen : the MAC version is better for implementation, as it allows the new message/ciphertext operand to be ready later than required in the ACCMUL variant.
We can close this discussion since the `MAC` version was selected by the task group.
Thank you @wmat. @ben-marshall / @mjosaarinen for your information.
@kdockser for your consideration. (we could/should clarify since `vfmv.v.f` is indeed listed in RVV 1.0 Section 13 but `vfslide1*` are listed in Section 16).
I found the use of floating-point registers as extra storage a bit of an anti-pattern but I am quite sure it will happen. I found your argument about not making...
I feel like it might be interesting to post a link to this issue in the vector-spec (https://github.com/riscv/riscv-v-spec/issues) as this seems to apply mostly to vectors (although NaN boxing is...