[Libre-soc-dev] Serpent instructions

Luke Kenneth Casson Leighton lkcl at lkcl.net
Mon Dec 5 22:02:59 GMT 2022


On Monday, December 5, 2022, Emanuel Loos via Libre-soc-dev <
libre-soc-dev at lists.libre-soc.org> wrote:
> Hello again, (sorry for sending my first email from the wrong email
address)

not a problem.

>> have a strong Algorithm to switch to without losing hardware acceleration
>
> I just realized I failed to express that thought reasonably: I meant, if
severe vulnerabilities where ever to be discovered in Rijndael, there would
be an alternative with hardware acceleration.

the whole idea of SV is that the need for specific
custom silicon is moot.  although, it is *never* going
to be possible to beat custom silicon on performance/watt,
the inflexibility and sheer cost comes with a risk,
illustrated very clearly by the very point you raise.

the driving force behind SV is that the looping combined
with *general purpose* instructions does far more than
any other ISA ever could, meaning that specific specialist
"one job only" instructions are unnecessary.

Rijndael is a special case: it is put into custom
silicon that can only do one job, because Rijndael is
so heavily used.

Serpent - exactly as you say - simply is not worth it.

an example: we found a paper online that said it improved
chacha20 on RISC-V by 50%, recommending the addition of an
instruction that did a rotate by 7, an add, an XOR and
presumably a bitty little dance hopping on one leg, too.

kidding about the dance aside, the instruction is utterly
useless for any other purpose.

these tradeoffs are bound by the amount of effort involved
plus the context of available opcode space *and* usefulness.
adding instructions comes with a massive burden of both
effort and responsibility.

l.


-- 
---
crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68


More information about the Libre-soc-dev mailing list