Grøstl – a SHA-3 candidate
Implementations
The reference implementation and some optimized code in C are part of the NIST submission package.
Other implementations will appear here over time.
Software benchmarks
A number of Grøstl implementations have been developed and submitted to the eBASH benchmarking project. This tarball contains the Grøstl implementations currently included in eBASH. Below we list some of the benchmarking results. Note that at this point there is no Grøstl-512 implementation optimised for the Opteron.
| Digest size | Processor | Mode | Speed |
|---|---|---|---|
| 224/256 | Core 2 Duo | 64-bit | 21.3 cycles/byte |
| Opteron | 64-bit | 19.4 cycles/byte | |
| Core 2 Duo | 32-bit | 22.8 cycles/byte | |
| Pentium M | 32-bit | 29.9 cycles/byte | |
| 384/512 | Core 2 Duo | 64-bit | 29.8 cycles/byte |
| Opteron | 64-bit | 39.7 cycles/byte | |
| Core 2 Duo | 32-bit | 36.7 cycles/byte | |
| Pentium M | 32-bit | 55.3 cycles/byte |
Hardware ASIC implementations
Stefan Tillich developed high-speed Grøstl-256 ASIC implementations in 0.18µm technology of UMC. Here are the synthesis results.
| Total area (mm2) | Total area (GE) | Throughput (Gbit/s) |
|---|---|---|
| 547,227.47 | 58,403 | 6.290 |
| 538,462.41 | 57,467 | 6.141 |
| 523,472.74 | 55,867 | 5.690 |
| 471,626.06 | 50,334 | 2.725 |