CryptoNight detail. Why this kind of multiplication?

Question

The Cryptonight description by the CryptoNote team states that

The 8byte_mul function, however, uses only the first 8 bytes of each argument, which are interpreted as unsigned 64-bit little-endian integers and multiplied together. The result is converted into 16 bytes, and finally the two 8-byte halves of the result are swapped.

I can't understand why this multiplication is computed this way. Why the protocol needs to run an 8 byte multiplication? Is it a hardware optimisation or is it something else I don't understand?

Answer 1

Choices made date back to the original goal of having a hash function that favored modern CPUs (vs GPU/ASIC/FPGAs). Requiring a scratchpad of 2MB fits nicely into a modern CPU L3 cache and thus the required read and writes from that cache are fast. The choice for the 64 bit multiply is again that the operation is fast on modern CPUs.

Of course, history has shown us that todays GPUs can work comfortably with the hashing algorithm, and with enough effort (and money) even ASICs can be built to run as fast or faster - hence the recent tweaks to the algorithm which again, chose operations that are fast/easy on CPUs but harder to (re)implement in ASICs.