[cryptography] Javascript scrypt performance comparison

Fabio Pietrosanti (naif) - lists lists at infosecurity.ch
Fri May 8 03:04:47 EDT 2015

On 5/8/15 2:34 AM, Solar Designer wrote:
> On Mon, May 04, 2015 at 11:48:25AM +0200, Fabio Pietrosanti (naif) - lists wrote:
>> Also for upcoming implementation extending scrypt concept, like
>> yescrypt/yescrypt-lite it would be very interesting to think how to make
>> it faster in the context of the browser/javascript/html5.
> Taylor Hornby might try implementing yescrypt-lite with SIMD.js this
> summer as part of his GSoC project.
> https://hacks.mozilla.org/2014/10/introducing-simd-js/
> Unfortunately, SIMD.js is lacking 64-bit integer vector elements, so
> they will have to be emulated with 32-bit ones (perhaps across pairs of
> SIMD vectors), yet this might provide some speedup over scalar code.
> Obviously, this version will be less portable.

That's quite interesting!

Did you considered also extending asmcrypto.js with SIMD.js, then using
asmcrypto.js library?

That way the low-level optimized crypto primitives will stay self-contained.

We are in an implementation phase of end-to-end crypto in GlobaLeaks and
we're on-boarding scrypt-async-js as per your suggestion, collaborating
on improving that library (we introduced automated CI testing,
webworkers, small performance optimizations).

Do you think that yescrypt-lite in JS will be a reasonable substitute of
scrypt within a defined amount of time (we're open and interested to
integrate latests crypto)?

Did you ever evaluated to try to design a yescrypt-lite in a way to
leverage at maximum the existing WebCrypto API other than SIMD.js
(that's a cool stuff!)?

For GlobaLeaks we're sacrificing compatibility as we need WebWorkers,
Promise, WebCrypto API, so we'll be focusing e2e release only for
latests browsers.
But is SIMD going to be part of latests browsers?


More information about the cryptography mailing list