[Libre-soc-isa] [Bug 688] New: Look through RISC-V cryptography extensions for ideas worth borrowing
bugzilla-daemon at libre-soc.org
Fri Sep 10 05:13:37 BST 2021
https://bugs.libre-soc.org/show_bug.cgi?id=688
Bug ID: 688
Summary: Look through RISC-V cryptography extensions for ideas
worth borrowing
Product: Libre-SOC's first SoC
Version: unspecified
Hardware: Other
OS: Linux
Status: CONFIRMED
Severity: enhancement
Priority: ---
Component: Specification
Assignee: lkcl at lkcl.net
Reporter: programmerjake at gmail.com
CC: libre-soc-isa at lists.libre-soc.org
NLnet milestone: ---
https://github.com/riscv/riscv-crypto/releases
Particularly interesting:
* Zkt - Data Independent Execution Latency aka. "constant-time" -- exactly like
what I've been saying we should do for years...we're most of the way there
already, we just need concerted effort to keep stuff from breaking rather than
the current state of mostly being "constant-time" by accident.
One really important point that I want to ensure you, Luke, (and others) know,
so I'll repeat it even though you probably already know it:
In crypto software/hardware, "constant time" doesn't literally mean "always
runs in the same amount of time no matter what", instead it means "runtime
doesn't depend on data", though it does depend on branch conditions,
instruction fetching/address, and load/store addresses (it does not depend on
load/store data for normal memory).
The RISC-V spec draft linked above states:
> The Zkt extension attests that the machine has data-independent
> execution time for a safe subset of instructions. This property
> is commonly called "constant-time" although should not be taken
> with that literal meaning.
* Zbkx - Crossbar permutation instructions -- like register gather, but
"constant-time"
* They used real executable Sail code as their specification pseudo-code
--
You are receiving this mail because:
You are on the CC list for the bug.
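
The distinction drawn in the report (runtime may depend on branch conditions and load/store addresses, but not on the data operated on) is shown below as an added example that is not part of the original bug report or of the Libre-SOC or RISC-V code. The table values and all function names are constructed for illustration, and the data-independent variants assume the compiler emits them as straight-line arithmetic on hardware whose arithmetic and logic instructions have data-independent latency.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 16-entry table standing in for a cipher S-box. */
static const uint8_t TABLE[16] = {
    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
    0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
};

/* 0xff when x == 0, 0x00 for x in 1..255; no branch involved. */
static uint8_t is_zero_mask(uint8_t x) {
    return (uint8_t)(((uint32_t)x - 1u) >> 8);
}

/* Leaky: the load address depends on the secret index. */
uint8_t lookup_leaky(uint8_t secret) {
    return TABLE[secret & 0x0f];
}

/* Data-independent: all 16 entries are read in fixed order and masked. */
uint8_t lookup_ct(uint8_t secret) {
    uint8_t out = 0;
    for (uint8_t i = 0; i < 16; i++)
        out |= TABLE[i] & is_zero_mask((uint8_t)(i ^ (secret & 0x0f)));
    return out;
}

/* Leaky: the early-exit branch condition depends on secret bytes. */
int equal_leaky(const uint8_t *a, const uint8_t *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i])
            return 0;
    return 1;
}

/* Data-independent: the loop count depends only on the public length n. */
int equal_ct(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (uint8_t)(a[i] ^ b[i]);
    return is_zero_mask(acc) & 1;
}

int main(void) {
    printf("%02x %02x\n", lookup_leaky(5), lookup_ct(5));
    return 0;
}
```
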