Module polyval::backend::soft

Constant-time software implementation of POLYVAL for 64-bit architectures. Adapted from BearSSL’s ghash_ctmul64.c:

https://bearssl.org/gitweb/?p=BearSSL;a=blob;f=src/hash/ghash_ctmul64.c;hb=4b6046412

Copyright (c) 2016 Thomas Pornin [email protected]

Structs

• Polyval
  POLYVAL: GHASH-like universal hash over GF(2^128).
• U64x2 🔒
  2 x u64 values

Functions

• bmul64 🔒
  Multiplication in GF(2)[X], truncated to the low 64-bits, with “holes” (sequences of zeroes) to avoid carry spilling.
• rev64 🔒
  Bit-reverse a u64 in constant time