Optimization of Photon-Beetle Hashing and AEAD


Anjan Roy

Jan 24, 2023, 3:47:42 AM
to lwc-forum
Hi all,

Hope you're doing well.

I'm writing to let you know about an implementation trick that I recently discovered while refactoring my zero-dependency, header-only C++ library implementation of the Photon-Beetle cipher suite.

When I first implemented Photon-Beetle hashing and AEAD, I followed the final round submission of the specification, where (for the sake of simplicity) it describes that the Photon256 permutation state can be represented using an 8x8 matrix of uint8_t s.t. only the lower 4 bits of each uint8_t are of importance. But this form of representation of the state vector hurts performance, given that, for example, one can't use memcpy for copying the public message nonce/secret key during the initialization phase of encryption/decryption. I figure it's a much better idea to instead represent the 256-bit permutation state using an 8x4 matrix of uint8_t s.t. all 8 bits are of importance now. I attach a sketch below, which demonstrates how the 256 bits are laid out in the permutation state matrix.

photon256.png

Powered by look-up table based GF(2^4) multiplication (when mixing columns of the Photon256 permutation state), I get quite a performance boost. Please find another chart (attached below) where I show relative performance improvements across the board.

photon-beetle.png

Given that Photon-Beetle-Hash uses RATE=32 (bits), its bandwidth is fairly limited, even though the underlying Photon256 permutation is crunching bytes much faster now. I wonder, can't one use Photon-Beetle-Hash with RATE=128 (bits), because I believe it can boost bandwidth. I don't have much understanding about whether that affects the cryptographic properties of the hash function or not.

I maintain the Photon-Beetle C++ library @ https://github.com/itzmeanjan/photon-beetle

Any improvement suggestions/feedback are welcome. Thanks.

Regards

Anjan Roy
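
The two state layouts and the table-based GF(2^4) multiplication described in the post above, as an added example that is not part of the original message or of the photon-beetle library. The nibble order within a byte, the reduction polynomial x^4 + x + 1 and the coefficient row are assumptions made for illustration; the input bytes are constructed.

```cpp
#include <cstdint>
#include <cstring>

// GF(2^4) product by shift-and-add, reduced modulo x^4 + x + 1 (0x13, assumed).
static uint8_t gf16_mul(uint8_t a, uint8_t b) {
  uint8_t r = 0;
  for (int i = 0; i < 4; i++, b >>= 1) {
    if (b & 1) r ^= a;
    a = uint8_t((a << 1) ^ ((a & 8) ? 0x13 : 0));
  }
  return r;
}

// 16x16 product table filled once at start-up; mixing then costs one load per product.
struct Gf16Lut {
  uint8_t t[16][16];
  Gf16Lut() {
    for (int a = 0; a < 16; a++)
      for (int b = 0; b < 16; b++) t[a][b] = gf16_mul(uint8_t(a), uint8_t(b));
  }
};
static const Gf16Lut LUT;
static const uint8_t COEFF[8] = {2, 4, 2, 11, 2, 8, 5, 6};  // illustrative row, not from the post

// Cell (r, c) of the 8x8 nibble matrix in each layout (assumed: low nibble = even column).
static uint8_t cell_unpacked(const uint8_t* st, int r, int c) { return st[r * 8 + c]; }
static uint8_t cell_packed(const uint8_t* st, int r, int c) {
  return (c & 1) ? (st[r * 4 + c / 2] >> 4) : (st[r * 4 + c / 2] & 0x0f);
}

// One output cell of a column mix: XOR over rows of COEFF[row] * cell(row, col).
uint8_t mix_cell(const uint8_t* st, int col, uint8_t (*cell)(const uint8_t*, int, int)) {
  uint8_t acc = 0;
  for (int row = 0; row < 8; row++) acc ^= LUT.t[COEFF[row]][cell(st, row, col)];
  return acc;
}

// Constructed input, loaded both ways; the mixed cells must match in every column.
bool layouts_agree() {
  uint8_t in[32], u[64], p[32];
  for (int i = 0; i < 32; i++) {
    in[i] = uint8_t(7 * i + 3);
    u[2 * i] = in[i] & 0x0f; u[2 * i + 1] = in[i] >> 4;  // unpacked: split every byte
  }
  std::memcpy(p, in, 32);  // packed: key/nonce bytes copied verbatim
  for (int c = 0; c < 8; c++)
    if (mix_cell(u, c, cell_unpacked) != mix_cell(p, c, cell_packed)) return false;
  return true;
}
```

The unpacked layout needs a per-byte split on every load, while the packed layout takes input with a single memcpy and only separates nibbles when a cell is read.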