[Libre-soc-dev] gcc binutils sv cryptoprimitives etc

Luke Kenneth Casson Leighton lkcl at lkcl.net
Wed Jan 20 14:18:18 GMT 2021 

i trust the strategy is now clear?

* seek EUR 50k funding and on the basis of that seek $NNNk VC funding to
complete a commercial chip

 (the skywater 130nm test chip only has 48 pins and is useless commercially)

 in this way we do not have someone coming along and spongeing off of our
expertise by slapping it into silicon before we get the opportunity to do
so.

 even if they did so we go to investors and say, "these people put
something inferior into silicon, we can do better".


* wait for other open source contributors to come forward with the
expertise needed

* enable and empower people from universities to do PhDs and MScs in
constant time analysis, where they will have plenty of time (that we do not
have).

* reach out to other open source developers with the required expertise and
encourage them to put in a SECOND AND SEPARATE NLnet funding request for
constant time improvements

***NOT***:

seek EUR 50k to complete a fraction of the work, in the process
jeapordising our chances.

is this now clear why constant time is hard-cut from consideration?


moving on.

i looked at SHA2, it seems pretty straightforward
https://en.wikipedia.org/wiki/SHA-2

i can see why it's done as a hard macro.

   ch := (e and f) xor ((not e) and g)
   maj := (a and b) xor (a and c) xor (b and c)

"ch" is cmix in riscv bitmanip, and is covered by ternaryops.  i *believe*,
amazingly, that maj is also covered as one of the 256 ternaryops.  it has
to be, being 3 operands: my understanding is that ternaryops covers all
possible permutations of truth table recombinations of 3 bitwise operations.

the rotate is a little trickier

   S1 := (e rightrotate 6) xor (e rightrotate 11) xor (e rightrotate 25)
   S0 := (a rightrotate 2) xor (a rightrotate 13) xor (a rightrotate 22)

these are easy to justify doing as hardcoded due to the fact that by doing
so they are just straight wires and therefore are just a bunch of XORs.

except that SHA512 uses different constants, now that is *12* different
hardcoded rewirings.

six of one and half a dozen of the other, on balance having 4 options is
ok.  SO/S1, 256/512.  it's not a lot of silicon.

any others?

the primary focus of the EU Grant is blockchain, blockchain blockchain
blockchain: Michiel worked very hard to widen the scope but the EU
reviewers will jump more if "blockchain" is mentioned.

so what algorithms are primarily used there? i realise they are all
different.

we need some help here.

l.







-- 
---
crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68

More information about the Libre-soc-dev mailing list