We propose in this post some additional ideas to improve Usuba, such as extending vslicing and hslicing to allow parallelism even on general-purpose registers, combining vslicing and hslicing into a "hybrid" mslicing (useful for ciphers like Chacha20 and Gimli), incorporating modes of operation in Usuba rather than focusing solely on primitives, targeting other SIMD architectures (e.g. Neon and AltiVec), achieving end-to-end correctness of Usubac's pipeline, and, finally, targeting GPUs. Read More...
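As an added illustration of the first idea above, vslicing on general-purpose registers, the following C program is example code written for this page, not code from Usuba or its compiler. It packs two independent 32-bit ChaCha20 quarter-round states into one 64-bit register (SIMD within a register) and shows the only two operations that need care, lane-wise addition and lane-wise rotation, since XOR is already lane-parallel. The lane layout, the helper names (pack2, lane, add2, rotl2, qr_packed) and the second test state are assumptions of this example; the first test state is the quarter-round vector from RFC 8439 section 2.1.1.

```c
/*
 * Added example (not Usuba's own code): vslicing on a 64-bit general-purpose
 * register, i.e. SIMD-within-a-register. Two independent 32-bit ChaCha20
 * quarter-round states are packed into one uint64_t per word, lane 0 in the
 * low 32 bits and lane 1 in the high 32 bits (an assumed layout). XOR is
 * already lane-parallel; only addition and rotation need care, because a
 * plain 64-bit add carries across lanes and a plain 64-bit shift leaks bits
 * across lanes.
 */
#include <stdint.h>
#include <stdio.h>

#define MSB2 0x8000000080000000ULL   /* bit 31 of each 32-bit lane */

static uint64_t pack2(uint32_t lane0, uint32_t lane1) {
    return ((uint64_t)lane1 << 32) | lane0;
}

static uint32_t lane(uint64_t v, int i) {
    return (uint32_t)(v >> (32 * i));
}

/* Lane-wise 32-bit addition. Adding the low 31 bits of each lane can at most
 * set bit 31 of that lane, never bit 32, so no carry reaches the other lane;
 * bit 31 itself is then recomputed as carry ^ a31 ^ b31 via the XOR term. */
static uint64_t add2(uint64_t a, uint64_t b) {
    return ((a & ~MSB2) + (b & ~MSB2)) ^ ((a ^ b) & MSB2);
}

/* Lane-wise rotate left by n (0 < n < 32). lowmask selects the n low bits of
 * each lane: after (x << n) those bits came from the neighbouring lane and
 * are dropped; after (x >> (32-n)) only those bits are genuine. */
static uint64_t rotl2(uint64_t x, unsigned n) {
    uint64_t low = (1ULL << n) - 1;
    uint64_t lowmask = low | (low << 32);
    return ((x << n) & ~lowmask) | ((x >> (32 - n)) & lowmask);
}

/* Reference scalar ChaCha20 quarter round on one state. */
static uint32_t rotl32(uint32_t x, unsigned n) {
    return (x << n) | (x >> (32 - n));
}

static void qr_scalar(uint32_t s[4]) {
    s[0] += s[1]; s[3] ^= s[0]; s[3] = rotl32(s[3], 16);
    s[2] += s[3]; s[1] ^= s[2]; s[1] = rotl32(s[1], 12);
    s[0] += s[1]; s[3] ^= s[0]; s[3] = rotl32(s[3], 8);
    s[2] += s[3]; s[1] ^= s[2]; s[1] = rotl32(s[1], 7);
}

/* Same quarter round on two packed states at once. */
static void qr_packed(uint64_t s[4]) {
    s[0] = add2(s[0], s[1]); s[3] ^= s[0]; s[3] = rotl2(s[3], 16);
    s[2] = add2(s[2], s[3]); s[1] ^= s[2]; s[1] = rotl2(s[1], 12);
    s[0] = add2(s[0], s[1]); s[3] ^= s[0]; s[3] = rotl2(s[3], 8);
    s[2] = add2(s[2], s[3]); s[1] ^= s[2]; s[1] = rotl2(s[1], 7);
}

/* Scalar round checked against the RFC 8439 section 2.1.1 test vector. */
static int qr_scalar_matches_rfc(void) {
    uint32_t s[4] = {0x11111111, 0x01020304, 0x9b8d6f43, 0x01234567};
    qr_scalar(s);
    return s[0] == 0xea2a92f4 && s[1] == 0xcb1cf8ce &&
           s[2] == 0x4581472e && s[3] == 0x5881c4bb;
}

/* Packed round on two states, each lane compared with the scalar result.
 * The second state is constructed to exercise carries and bit-31 cases. */
static int qr_packed_matches_scalar(void) {
    uint32_t x[4] = {0x11111111, 0x01020304, 0x9b8d6f43, 0x01234567};
    uint32_t y[4] = {0xffffffff, 0x80000000, 0x7fffffff, 0x00000001};
    uint64_t p[4];
    int i;
    for (i = 0; i < 4; i++) p[i] = pack2(x[i], y[i]);
    qr_scalar(x);
    qr_scalar(y);
    qr_packed(p);
    for (i = 0; i < 4; i++)
        if (lane(p[i], 0) != x[i] || lane(p[i], 1) != y[i]) return 0;
    return 1;
}

int main(void) {
    printf("scalar vs RFC 8439: %s\n", qr_scalar_matches_rfc() ? "ok" : "FAIL");
    printf("packed vs scalar:   %s\n", qr_packed_matches_scalar() ? "ok" : "FAIL");
    return 0;
}
```

The cost of the trick is visible in add2 and rotl2: each lane-wise addition is three ANDs, one add and two XORs instead of a single add, and each rotation needs two masks, so on a 64-bit register the two-way parallelism only pays off when the extra masking is cheaper than running the second state separately. For ChaCha20 the two lanes would naturally hold two independent counter-mode blocks.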
One could expect the speedup offered by SIMD extensions to be linear in the size of the registers, but the reality is more complex. Spilling wider registers puts more pressure on the L1 data cache, leading to more frequent misses. AVX and AVX-512 registers need tens of thousands of warm-up cycles before they run at full speed, since the upper parts of the vector execution units are powered down when no instruction uses them. SSE instructions take two operands and overwrite one of them with the result, while AVX offers three-operand non-destructive instructions, thus reducing register spilling. Read More...
Fault attacks consist of tampering with a device in order to induce faults in its computations. The most common ways to do so are under-powering or over-powering the device, blasting it with ionizing light (e.g. lasers), inducing clock glitches, or applying electromagnetic (EM) pulses, though more exotic attacks can be designed, such as heating or cooling the device, or using X-rays or ion beams. Read More...
CPUs leak information through timings, cache accesses, power consumption, electromagnetic radiation and other compromising emanations. One very powerful way to recover this leaked information is to design a Simple Power Analysis (SPA) or a more powerful Differential Power Analysis (DPA) attack, which work by analyzing power or EM traces from a cipher's execution to recover the key and plaintext. Several approaches to mitigate SPA and DPA have been proposed Read More...
Usubac's backend is responsible for optimizing the Usuba0 code and ultimately generating C code. Masking is also done in the backend, but will be presented in a later post. Read More...