Skip to content
/ sha2 Public
forked from research-ag/sha2

Optimized implementation of all SHA2 functions

License

Notifications You must be signed in to change notification settings

ggreif/sha2

This branch is 31 commits behind research-ag/sha2:main.

Repository files navigation

Optimized of all SHA2 functions

Overview

This package implements all SHA2 functions:

  • sha256
  • sha224
  • sha512
  • sha384
  • sha512-256
  • sha512-224

The API allows to hash types Blob, [Nat8] and Iter<Nat8>.

Links

The package is published on MOPS and GitHub. Please refer to the README on GitHub where it renders properly with formulas and tables.

The API documentation can be found here on Mops.

For updates, help, questions, feedback and other requests related to this package join us on:

Motivation

Interface

Usage

Install with mops

You need mops installed. In your project directory run:

mops init
mops add sha2

In the Motoko source file import the package as:

import Sha256 "mo:sha2/Sha256";
import Sha512 "mo:sha2/Sha512";

In you dfx.json make sure you have the entry:

"defaults": {
    "build": {
      "args": "",
      "packtool": "mops sources"
    }
  },

Example

import Sha256 "mo:sha2/Sha256";
[
Sha256.fromBlob(#sha256,""),
Sha256.fromBlob(#sha224,"")
];
import Sha512 "mo:sha2/Sha512";
[
Sha512.fromBlob(#sha512,""),
Sha512.fromBlob(#sha384,""),
Sha512.fromBlob(#sha512_224,""),
Sha512.fromBlob(#sha512_256,"")
];

Build & test

We need up-to-date versions of node, moc and mops installed. Suppose <path-to-moc> is the path of the moc binary of the appropriate version.

Then run:

git clone [email protected]:research-ag/sha2.git
mops install
DFX_MOC_PATH=<path-to-moc> mops test

Benchmarks

The benchmarking code can be found here: canister-profiling

We benchmarked this library's sha256 and sha512 against two other existing implementations, specifically these branches:

The benchmark was run with dfx 0.14.4 with cycle optimisation enabled and moc 0.9.8.

Time

We first measured the instructions for hashing the empty message:

method Sha256 Sha512 mo-sha256 mo-sha512 crypto.mo
empty message 12,185 17,307 246,834 722,402 83,782
relative 1.0 0.71 20.3 29.6 6.9

We then measured a long message of 1,000 blocks and divided by the length. We provide the value per block where a block is 64 bytes for Sha256 and 128 bytes for Sha512, per byte, and relative to this libary's Sha256:

method Sha256 Sha512 mo-sha256 mo-sha512 crypto.mo
per block 15,543 28,691 43,007 69,655 41,708
per byte 243 224 672 544 652
relative 1.0 0.92 2.77 2.24 2.68

Notes:

  • All functions except crypto.mo have been measure with hashing type Blob. crypto.mo has been measured with hashing type [Nat8] because it does not offer type Blob directly.
  • We measured with random input messages created by the Prng package. Measuring with a constant message such that all 0x00 or all 0xff is not a reliable way to measure and produces significantly different results.

Memory

Hashing also creates garbage. We measured the garbage created by a message of length 1,000 blocks and divided the result by the length of the message in bytes. This tells us how many bytes of garbage are produced for each byte that is hashed. For Sha256 this value is 0 which means that the garbage has size O(1). In fact, it is 1,008 bytes regardless of the message length.

method Sha256 Sha512 mo-sha256 mo-sha512 crypto.mo
per byte 0 7.9 8.8 12.5 6.1

Notes:

  • All functions except crypto.mo have been measure with hashing type Blob. crypto.mo has been measured with hashing type [Nat8] because it does not offer type Blob directly. Converting Blob to [Nat8] first will increase the value of garbage per byte by 4.
  • We can see how the use of Nat64 in Sha512 requires signifantly more heap allocations than the use of Nat32 in Sha256.
  • We can conclude that in Motoko it is advisable to use Sha256 over Sha512 despite the slightly higher performance per byte of Sha512.

Implementation notes

The round loops are unrolled. This was mainly motivated by reducing the heap allocations but it also reduced the instructions significantly.

Copyright

MR Research AG, 2023

Authors

Main author: Timo Hanke (timohanke)

License

Apache-2.0

Changelog

0.0.4

Sha256:

  • Eliminate the heap allocations that were linear in message size
  • Reduce instructions per byte by 4%
  • Comes with a per message penalty in instructions of 5%

0.0.3

Sha256:

  • Reduce instructions per byte by 4%
  • Reduce instructions for empty message by 25%
  • Reduce heap allocations from 1.5x to 1x the message size

Sha512:

  • Reduce instructions per byte by 4%
  • Reduce instructions for empty message by 35%

About

Optimized implementation of all SHA2 functions

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Motoko 58.8%
  • Modelica 41.2%