USUBA's Blog

Usuba

Published on the 2020-02-24 by Darius Mercadier

The Usuba language is driven by a combination of algorithmic and hardware-specific constraints. To get high throughput, we focus exclusively on parallel modes of operation such as counter mode (CTR). We translate this constraint by forbidding feedback loops in our designs. An Usuba program can therefore be understood as a stateless combinational circuit, parallelizable by design. Read More...

Bitslice adder

Published on the 2020-01-28 by Darius Mercadier

Bitslicing is supposedly slow when it comes to arithmetic operations, since bitsliced programs need to manually reimplement arithmetic using logical gates. In this post, we will show how much of a slowdown this incurs on an Intel Skylake CPU. Read More...

mslicing

Published on the 2020-01-16 by Darius Mercadier

The previous post introduced bitslicing, a technique to speed up cipher implementations by introducing huge amounts of data-parallelism. However, this technique cannot be applied to ciphers relying on arithmetic operations, puts a lot of pressure on registers, and requires a lot of independent inputs to be efficient. In order to overcome those issues, we propose a generalization of bitslicing called mslicing. Msliced codes use far fewer registers than bitsliced ones, and can fully exploit the capabilities of SIMD extensions. Read More...

Bitslicing

Published on the 2020-01-14 by Darius Mercadier

Bitslicing was initially introduced by Biham as an implementation trick to speed up software implementations of the DES cipher. The basic idea of bitslicing is to represent an n-bit datum as 1 bit in each of n distinct registers, or, more generally, m n-bit data as n m-bit registers. This technique can thus be used to encrypt large amounts of data at once, especially when using SIMD registers. Read More...

Usuba - the genesis

Published on the 2020-01-07 by Darius Mercadier

Usuba is a high-level domain-specific programming language for cryptography, making it easy to reason about programs (and therefore to assert their correctness). Usuba is constant-time by construction, thus protecting against cache-timing attacks, and can automatically insert countermeasures like Boolean masking to protect against power-based side channels. Finally, Usuba compiles to high-performance C code, exploiting the SIMD extensions of modern CPUs when available (SSE, AVX, AVX512 on Intel, Neon on ARM, AltiVec on PowerPC). Read More...

Page 3 of 3