Skip to content

ascon: improve performance of permutation#118

Merged
newpavlov merged 2 commits intoRustCrypto:masterfrom
Gusted:improve-perf
Apr 20, 2026
Merged

ascon: improve performance of permutation#118
newpavlov merged 2 commits intoRustCrypto:masterfrom
Gusted:improve-perf

Conversation

@Gusted
Copy link
Copy Markdown
Contributor

@Gusted Gusted commented Mar 22, 2026
edited
Loading

Use a slightly different substitution implementation that is slightly more efficient. This does require that the function is now strictly seperated in the three layers.

The assembly with -C opt-level=2 shows no weird instructions, permute_12 without soft-compact is fully unrolled and from and to arrays is skipped. With soft-compat it's not unrolled but does also skip from and to arrays between the iterations.

Benchmarks with and without soft-compat are quite similair (to the point I'm guessing I'm not even running it correctly).

Permutation/1 round     time:   [4.6049 ns 4.6597 ns 4.7094 ns]
                        change: [-17.040% -15.975% -14.976%] (p = 0.00 < 0.05)
Permutation/6 rounds    time:   [17.179 ns 17.301 ns 17.452 ns]
                        change: [-27.748% -26.520% -25.229%] (p = 0.00 < 0.05)
Permutation/8 rounds    time:   [23.835 ns 23.979 ns 24.109 ns]
                        change: [-24.968% -24.238% -23.588%] (p = 0.00 < 0.05)
Permutation/12 rounds   time:   [33.011 ns 33.458 ns 33.882 ns]
                        change: [-25.656% -24.646% -23.615%] (p = 0.00 < 0.05)

@Gusted
ascon: improve performance of permutation
1a42ef8 
Use a slightly different substitution implementation that is slightly
more efficient. This does require that the function is now strictly
seperated in the three layers.

The assembly with `-C opt-level=2` shows no weird instructions,
`permute_12` without `soft-compact` is fully unrolled and from and to
arrays is skipped. With `soft-compat` it's not unrolled but does also
skip from and to arrays between the iterations.

Benchmarks with and without soft-compat are quite similair (to the
point I'm guessing I'm not even running it correctly).

Permutation/1 round     time:   [4.6049 ns 4.6597 ns 4.7094 ns]
                        change: [-17.040% -15.975% -14.976%] (p = 0.00 < 0.05)
Permutation/6 rounds    time:   [17.179 ns 17.301 ns 17.452 ns]
                        change: [-27.748% -26.520% -25.229%] (p = 0.00 < 0.05)
Permutation/8 rounds    time:   [23.835 ns 23.979 ns 24.109 ns]
                        change: [-24.968% -24.238% -23.588%] (p = 0.00 < 0.05)
Permutation/12 rounds   time:   [33.011 ns 33.458 ns 33.882 ns]
                        change: [-25.656% -24.646% -23.615%] (p = 0.00 < 0.05)
newpavlov
newpavlov approved these changes Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@newpavlov newpavlov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you and sorry for the late review!

@newpavlov newpavlov merged commit 35a5370 into RustCrypto:master Apr 20, 2026
13 checks passed
@newpavlov newpavlov mentioned this pull request Apr 22, 2026
Merged
newpavlov added a commit that referenced this pull request Apr 22, 2026
@newpavlov
Release ascon v0.5.0 (#123)
f0863a4 
### Changed
- Edition changed to 2024 and MSRV bumped to 1.85 ([#89])
- Improved performance of permutations ([#118])
- Replaced the `State` struct with free-standing permutation functions
([#122])

### Removed
- `zeroize` crate feature ([#122])

[#89]: #89
[#118]: #118
[#122]: #122
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@newpavlov newpavlov newpavlov approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Gusted @newpavlov