[Libre-soc-dev] gcc binutils sv cryptoprimitives etc

Luke Kenneth Casson Leighton lkcl at lkcl.net
Wed Jan 20 00:53:10 GMT 2021


On Tuesday, January 19, 2021, Jacob Lifshay <programmerjake at gmail.com>
wrote:
> On Tue, Jan 19, 2021, 13:47 Luke Kenneth Casson Leighton <lkcl at lkcl.net>
> wrote:
>
>> On Tuesday, January 19, 2021, Jacob Lifshay <programmerjake at gmail.com>
>> wrote:
>>
>> >
>> > I'm saying without data-independent execution time our cpu is 99.9%
>> > useless for cryptography.
>>
>> it's an OoO Vector Engine.  it's deeply unsuited to constant time
>> execution.  as in: *fundamentally* unsuited and 100% fully incompatible.
>>  trying to claim otherwise is disingenuous and we will get into trouble
>> if we try.
>
>
> You're missing my point, which is that cryptography relies on
> *data*-independent execution time, which is fully compatible with OoO
> execution

not if predication is used in Vector ISAs.

which is, again, i have already informed Michiel that anything and i mean
anything related to time analysis is fully, categorically and irrevocably
100% and i mean 100% absolute without fail absolute 100% out of scope for
this Grant Application.

i am 100% aware of the different types of timing attacks: they are and
shall remain 100% *out of scope* for the purposes of this Grant Application.

LATER in some OTHER funded application when we have actual customers on the
basis of having COMPLETED this current work can timing analysis be done.

but NOT NOW.

it's great that you know of these things: as they are out of scope however
they're not very useful to help develop the Grant Application which has had
timing attacks specifically excluded from the scope.

l.


-- 
---
crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68

