I need a very, very fast one-to-one algorithm. The algorithm doesn't need to be unbreakable. Reasonably strong is enough but it must be lightning fast. I will be implementing it in hardware. Area is a concern, too, so it shouldn't use too much logic.
It should be a function f_N(x) whose input is an N-bit number and whose output is an N-bit number. N is a constant, probably between 20-70. The function must be one-to-one. (ie invertible, meaning that decryption is possible. Decryption speed is irrelevant.)
I need to encrypt in under 3ns, which is about 333M inputs per second. DES, for example, does about 50Mbits per second. I need 333M inputs per second.
So far I've been using a Feistel cipher with about 6 rounds. That seems to take about 3ns.
Suggestions?
More notes
There have been some questions so I'll explain. I need to put keys into a hash table. The standard method is to hash the input key and use the result as an index into a table. Each row in the table must store the original key. Information theory tells us that the rows of the table don't actually need to be as wide as the input key, but rather as wide as the input key less the number of bits in the address of the table. For example:
- input: x (N bits)
- hash: x%128 (8 bits)
- verifier: floor(x/128) (N-8 bits)
It would be silly on a CPU where integers are usually the same width but I'm doing it in hardware.
x%128 is an easy hash to break. In fact, if the input keys only differ in the first few bits, you will have broken the hash on accident. I want a hash that won't be broken on accident and might even be difficult to break on purpose. I also tried an LFSR. LFSRs are fast but two LFSRs of equal length generate hash results that are correlated linearly. (If f(x) and g(x) give the same hash for two different polynomials, f(x+1) and g(x+1) are easily correlated.)
So, I need a function with N-bit input and V-bit,H-bit output (V+H=N) where it is difficult to find two inputs of length N such that both will output the same H. Encryption fits the bill in that it leaves the output the same length as the input and it is difficult to reverse. Something other than encryption might work, too, though it seems like what I want is almost the very definition of encryption.
Sorry about not explaining all this up-front. Hope that this clarifies things.