[noise] [ANNOUNCE] WireGuard Launched!
Jason A. Donenfeld
Jason at zx2c4.com
Tue Jun 28 19:01:21 PDT 2016
On Tue, Jun 28, 2016 at 7:25 PM, Brian Smith <brian at briansmith.org> wrote:
> Jason A. Donenfeld <Jason at zx2c4.com> wrote:
>> I'm excited to hear your feedback, and to work with you in ironing out
>> any issues that come up, fine tuning performance, and so forth.
>
> The main question I have is whether choosing BLAKE2 + ChaCha20 +
> Poly1305 is the best choice of a "one true cipher suite."
>
> If one were to implement the same protocol using SHA-256 + AES-256-GCM
> instead, then wouldn't the performance be much better on Skylake+ and
> ARMv8+? I understand that SHA-256 + AES-256-GCM would be slower and
> more difficult to implement for older hardware.
>
> I think this is the problem that lots of potential users of Noise
> have: choosing between BLAKE2 + ChaCha20 + Poly1305, which are
> optimized for less-capable CPUs, and SHA-256 + AES-256-GCM, for which
> newer CPUs are being optimized.
ChaPoly vectorises very nicely, and so is extremely fast with AVX2 and
AVX512. It is also implemented safely and performantly on a wide range
of hardware.
More information about the Noise
mailing list