computational survivalism
play

Computational Survivalism Compiler(s) for the End of Moores Law: a - PowerPoint PPT Presentation

Jul 19, 2023 •15 likes •775 views

Computational Survivalism Compiler(s) for the End of Moores Law: a case study Pierre- Evariste Dagand Joint work with Darius Mercadier Based on an original idea from Xavier Leroy LIP6 CNRS Inria Sorbonne Universit e 1 / 31

  1. Computational Survivalism Compiler(s) for the End of Moore’s Law: a case study Pierre-´ Evariste Dagand Joint work with Darius Mercadier Based on an original idea from Xavier Leroy LIP6 – CNRS – Inria Sorbonne Universit´ e 1 / 31

  2. The End is Coming (Maybe) Turing Award Lecture , David Patterson & John Hennessy (2018) 2 / 31

  3. An Escape Hatch The Way of the Computer Architect: • Towards domain-specific architectures • Solving narrow problems • Delineated by specialized languages • Gustafson’s law: aim for throughput! What keeps us up all night? • How to organize this diversity? • Can we retain a “programming continuum”? • Will PLDI have to go through the next 700 DSLs? 3 / 31

  4. The Usuba Experiment Setup: • Domain-specific architecture: SIMD • Narrow problem: symmetric ciphers • Specialized language: software circuits Parameters: • No runtime, no concurrency • No memory access (feature!) • Evaluation: optimized reference implementations The death of optimizing compilers , Daniel J. Bernstein (2015) 4 / 31

  5. Anatomy of a block cipher Plaintext � � � key 0 � � � � � � SubColumn � � � ShiftRows � � � · · · � � � key 25 � � � � � � SubColumn � � � ShiftRows � � � � key 26 � � � � � Ciphertext 5 / 31

  6. Anatomy of a block cipher Plaintext key 0 � � � SubColumn ShiftRows · · · key 25 � � � SubColumn ShiftRows � key 26 � � Ciphertext 5 / 31

  7. Anatomy of a block cipher Rectangle/SubColumn Caution: lookup tables are strictly forbidden ! 6 / 31

  8. Anatomy of a block cipher Rectangle/SubColumn a 0 b 0 a 1 b 1 a 2 b 2 a 3 b 3 6 / 31

  9. Anatomy of a block cipher Rectangle/SubColumn void SubColumn(__m128i *a0, __m128i *a1, __m128i *a2, __m128i *a3) { __m128i t1, t2, t3, t5, t6, t8, t9, t11; __m128i a0_ = *a0; __m128i a1_ = *a1; t1 = ~*a1; t2 = *a0 & t1; t3 = *a2 ^ *a3; *a0 = t2 ^ t3; t5 = *a3 | t1; t6 = a0_ ^ t5; *a1 = *a2 ^ t6; t8 = a1_ ^ *a2; t9 = t3 & t6; *a3 = t8 ^ t9; t11 = *a0 | t8; *a2 = t6 ^ t11; } 6 / 31

  10. Anatomy of a block cipher Rectangle/SubColumn table SubColumn (a:v4) returns (b:v4) { 6, 5, 12, 10, 1, 14, 7, 9, 11, 0, 3, 13, 8, 15, 4, 2 } 6 / 31

  11. Anatomy of a block cipher Rectangle/ShiftRows node ShiftRows (input:u16x4) returns (out:u16x4) ShiftRows 7 / 31

  12. Anatomy of a block cipher Rectangle/ShiftRows node ShiftRows (input:u16x4) returns (out:u16x4) let out[0] = input[0]; tel ShiftRows 7 / 31

  13. Anatomy of a block cipher Rectangle/ShiftRows node ShiftRows (input:u16x4) returns (out:u16x4) let out[0] = input[0]; out[1] = input[1] <<< 1; tel ShiftRows 7 / 31

  14. Anatomy of a block cipher Rectangle/ShiftRows node ShiftRows (input:u16x4) returns (out:u16x4) let out[0] = input[0]; out[1] = input[1] <<< 1; out[2] = input[2] <<< 12; tel ShiftRows 7 / 31

  15. Anatomy of a block cipher Rectangle/ShiftRows node ShiftRows (input:u16x4) returns (out:u16x4) let out[0] = input[0]; out[1] = input[1] <<< 1; out[2] = input[2] <<< 12; out[3] = input[3] <<< 13; tel ShiftRows 7 / 31

  16. Anatomy of a block cipher Rectangle/ShiftRows void ShiftRows(__m128i a[64]) { int rot[] = { 0, 1, 12, 13 }; for (int k = 1; k < 4; k++) { __m128i tmp[16]; for (int i = 0; i < 16; i++) tmp[i] = a[k*16+(16+rot[k]+i)%16]; for (int i = 0; i < 16; i++) a[k*16+i] = tmp[i]; } } ShiftRows 7 / 31

  17. Anatomy of a block cipher Rectangle, na¨ ıvely void Rectangle(__m128i plain[64], __m128i key[26][64], __m128i cipher[64]) { for (int i = 0; i < 25; i++) { for (int j = 0; j < 64; j++) plain[j] ^= key[i][j]; for (int j = 0; j < 16; j++) SubColumn(&plain[j], &plain[j+16], &plain[j+32], &plain[j+48]); ShiftRows(plain); } for (int i = 0; i < 64; i++) cipher[i] = plain[i] ^ key[25][i]; } 8 / 31

  18. Anatomy of a block cipher Rectangle, our way node ShiftRows (input:u16x4) node Rectangle (plain:u16x4, returns (out:u16x4) key :u16x4[26]) vars returns (cipher:u16x4) let vars out[0] = input[0]; round : u16x4[26] out[1] = input[1] <<< 1; let out[2] = input[2] <<< 12; round[0] = plain; out[3] = input[3] <<< 13; forall i in [0,24] { tel round[i+1] = ShiftRows( SubColumn( round[i] ^ key[i] ) table SubColumn (input:v4) ) returns (out:v4) { } 6, 5, 12, 10, 1, 14, 7, 9, cipher = round[25] ^ key[25] 11, 0, 3, 13, 8, 15, 4, 2 } tel 9 / 31

  19. Bitslicing High-throughput software circuits ... Input stream 0 1 0 0 0 1 1 1 0 0 1 1 0 registers 1 0 ⇒ Matrix transposition 10 / 31

  20. Bitslicing High-throughput software circuits ... Input stream 0 1 0 0 0 1 1 1 0 0 1 1 0 0 registers 1 0 0 1 ⇒ Matrix transposition 10 / 31

  21. Bitslicing High-throughput software circuits ... Input stream 0 1 0 0 0 1 1 1 0 0 1 1 0 0 1 registers 1 0 1 0 1 0 ⇒ Matrix transposition 10 / 31

  22. Bitslicing High-throughput software circuits ... Input stream 0 1 0 0 0 1 1 1 0 0 1 1 0 0 1 0 registers 1 0 1 1 0 1 0 1 ⇒ Matrix transposition 10 / 31

  23. Bitslicing High-throughput software circuits ... Input stream 0 1 0 0 0 1 1 1 0 0 1 1 ^ ^ ^ ^ 0 0 1 0 registers 1 0 1 1 ^ 0 1 0 1 ⇒ Matrix transposition 10 / 31

  24. Bitslicing High-throughput software circuits 0 0 1 0 registers 1 0 1 1 0 1 1 1 ⇒ Matrix transposition ... Output stream 0 1 0 10 / 31

  25. Bitslicing High-throughput software circuits 0 0 1 0 registers 1 0 1 1 0 1 1 1 ⇒ Matrix transposition ... Output stream 0 1 0 0 0 1 10 / 31

  26. Bitslicing High-throughput software circuits 0 0 1 0 registers 1 0 1 1 0 1 1 1 ⇒ Matrix transposition ... Output stream 0 1 0 0 0 1 1 1 1 10 / 31

  27. Bitslicing High-throughput software circuits 0 0 1 0 registers 1 0 1 1 0 1 1 1 ⇒ Matrix transposition ... Output stream 0 1 0 0 0 1 1 1 1 0 1 1 10 / 31

  28. Man vs. Machine 7 6 5 cycles/byte 4 3 2 1 0 e d a a v e b b ï n u u a u s s N U U t - d n a H SSE2 AVX512 11 / 31

  29. Man vs. Machine 4 3 $/TB 2 1 0 e d a a v e b b ï n u u a u s s N U U t - d n a H SSE2 AVX512 11 / 31

  30. Anatomy of a block cipher The Real Thing static void x51 = x43 ^ x50; s1 ( *out2 ^= x51; unsigned long a1, x52 = x8 ^ x40; unsigned long a2, x53 = a3 ^ x11; unsigned long a3, x54 = x53 & x5; unsigned long a4, x55 = a2 | x54; unsigned long a5, x56 = x52 ^ x55; unsigned long a6, x57 = a6 | x4; unsigned long *out1, x58 = x57 ^ x38; unsigned long *out2, x59 = x13 & x56; unsigned long *out3, x60 = a2 & x59; unsigned long *out4 x61 = x58 ^ x60; ) { x62 = a5 & x61; unsigned long x1, x2, x3, x4, x5, x6, x7, x8; x63 = x56 ^ x62; *out3 ^= x63; unsigned long x9, x10, x11, x12, x13, x14, x15, x16; unsigned long x17, x18, x19, x20, x21, x22, x23, x24; } unsigned long x25, x26, x27, x28, x29, x30, x31, x32; unsigned long x33, x34, x35, x36, x37, x38, x39, x40; unsigned long x41, x42, x43, x44, x45, x46, x47, x48; static void unsigned long x49, x50, x51, x52, x53, x54, x55, x56; s2 ( unsigned long x57, x58, x59, x60, x61, x62, x63; unsigned long a1, unsigned long a2, x1 = ~a4; unsigned long a3, x2 = ~a1; unsigned long a4, x3 = a4 ^ a3; unsigned long a5, x4 = x3 ^ x2; unsigned long a6, x5 = a3 | x2; unsigned long *out1, x6 = x5 & x1; unsigned long *out2, x7 = a6 | x6; unsigned long *out3, x8 = x4 ^ x7; unsigned long *out4 x9 = x1 | x2; ) { x10 = a6 & x9; unsigned long x1, x2, x3, x4, x5, x6, x7, x8; x11 = x7 ^ x10; unsigned long x9, x10, x11, x12, x13, x14, x15, x16; x12 = a2 | x11; unsigned long x17, x18, x19, x20, x21, x22, x23, x24; x13 = x8 ^ x12; unsigned long x25, x26, x27, x28, x29, x30, x31, x32; x14 = x9 ^ x13; unsigned long x33, x34, x35, x36, x37, x38, x39, x40; x15 = a6 | x14; unsigned long x41, x42, x43, x44, x45, x46, x47, x48; x16 = x1 ^ x15; unsigned long x49, x50, x51, x52, x53, x54, x55, x56; x17 = ~x14; x18 = x17 & x3; x1 = ~a5; x19 = a2 | x18; x2 = ~a1; x20 = x16 ^ x19; x3 = a5 ^ a6; x21 = a5 | x20; x4 = x3 ^ x2; x22 = x13 ^ x21; x5 = x4 ^ a2; *out4 ^= x22; x6 = a6 | x1; x23 = a3 | x4; x7 = x6 | x2; x24 = ~x23; x8 = a2 & x7; x25 = a6 | x24; x9 = a6 ^ x8; x26 = x6 ^ x25; x10 = a3 & x9; x27 = x1 & x8; x11 = x5 ^ x10; x28 = a2 | x27; x12 = a2 & x9; x29 = x26 ^ x28; x13 = a5 ^ x6; x30 = x1 | x8; x14 = a3 | x13; x31 = x30 ^ x6; x15 = x12 ^ x14; x32 = x5 & x14; x16 = a4 & x15; x33 = x32 ^ x8; x17 = x11 ^ x16; x34 = a2 & x33; *out2 ^= x17; x35 = x31 ^ x34; x18 = a5 | a1; x36 = a5 | x35; x19 = a6 | x18; x37 = x29 ^ x36; x20 = x13 ^ x19; *out1 ^= x37; x21 = x20 ^ a2; x38 = a3 & x10; x22 = a6 | x4; x39 = x38 | x4; x23 = x22 & x17; x40 = a3 & x33; x24 = a3 | x23; x41 = x40 ^ x25; x25 = x21 ^ x24; x42 = a2 | x41; x26 = a6 | x2; x43 = x39 ^ x42; x27 = a5 & x2; x44 = a3 | x26; x28 = a2 | x27; x45 = x44 ^ x14; x29 = x26 ^ x28; x46 = a1 | x8; x30 = x3 ^ x27; x47 = x46 ^ x20; x31 = x2 ^ x19; x48 = a2 | x47; x32 = a2 & x31; x49 = x45 ^ x48; x33 = x30 ^ x32; x50 = a5 & x49; x34 = a3 & x33; 12 / 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Welcome to CNV! Computational Neuroscience CNV is about using computational simulations to

Welcome to CNV! Computational Neuroscience CNV is about using computational simulations to

Welcome to CNV! Computational Neuroscience CNV is about using computational simulations to understand how biological visual systems work. of Vision The course is geared towards people who are interested in and may be considering doing further

440 views • 5 slides
Computational Physics What is Computational Physics? Basic Computer Hardware Operating Systems

Computational Physics What is Computational Physics? Basic Computer Hardware Operating Systems

Computational Physics What is Computational Physics? Basic Computer Hardware Operating Systems Programming Languages Problem solving environment What is Computational Physics? Computational Physics is a synthesis of theoretical analysis,

1.02k views • 66 slides
Computational humanities Computational humanities 2019-07-17 Michael Piotrowski humanities.

Computational humanities Computational humanities 2019-07-17 Michael Piotrowski humanities.

1/37 Computational humanities Computational humanities 2019-07-17 Michael Piotrowski humanities. this summer school Franco Moretti (Hackler and Kirsten 2016, p. 5) tive and computational mean something. But, frankly, I

373 views • 19 slides
Chapter 2: Getting Started A computational problem is a mathematical problem, specified by an

Chapter 2: Getting Started A computational problem is a mathematical problem, specified by an

Chapter 2: Getting Started A computational problem is a mathematical problem, specified by an input/output relation. An algorithm is a computational procedure for solving a computational problem. 1 Sorting A well-known example of computational

374 views • 33 slides
1. Computational Fluid a. Computational Fluid Dynamics is in the domain of Computational Science

1. Computational Fluid a. Computational Fluid Dynamics is in the domain of Computational Science

1. Computational Fluid a. Computational Fluid Dynamics is in the domain of Computational Science b. Applications i. Computational Fluid Dynamics have many applications. Some applications include: 1. Automotive Aerodynamics 2. Designing HVAC

191 views • 3 slides
Computational Modeling CT @ VT Computational Modeling The third pillar of science and

Computational Modeling CT @ VT Computational Modeling The third pillar of science and

Introduction to Computational Thinking Computational Modeling CT @ VT Computational Modeling The third pillar of science and engineering Lab based Science and Engineering Math based computational experimental theoretical

121 views • 8 slides
Computational Geometry Algorithm Library Efi Fogel Tel Aviv University Computational Geometry

Computational Geometry Algorithm Library Efi Fogel Tel Aviv University Computational Geometry

Computational Geometry Algorithm Library Efi Fogel Tel Aviv University Computational Geometry Apr. 7 th , 2014 Cgal : Mission Make the large body of geometric algorithms developed in the field of computational geometry available for

542 views • 21 slides
Computational Complexity of Judgment Aggregation Ronald de Haan Computational Social Choice:

Computational Complexity of Judgment Aggregation Ronald de Haan Computational Social Choice:

Computational Complexity of Judgment Aggregation Ronald de Haan Computational Social Choice: Spring 2019 Institute for Logic, Language and Computation University of Amsterdam Plan for today We will look at computational complexity

183 views • 16 slides
Computational Sustainability: Computational Methods for a Sustainable Environment, Economy, and

Computational Sustainability: Computational Methods for a Sustainable Environment, Economy, and

Computational Sustainability: Computational Methods for a Sustainable Environment, Economy, and Society Optimal Forest Fire Fuel Management and Timber Harvest In The Face Of Endogenous Spatial Risk The Next Step Cl i Claire Montgomery M t

332 views • 17 slides
Computational Pathology In the Midst of a Revolution: How Computational Pathology is

Computational Pathology In the Midst of a Revolution: How Computational Pathology is

Computational Pathology In the Midst of a Revolution: How Computational Pathology is Transforming Clinical Practice and Biomedical Research Thomas J. Fuchs Associate Member, Memorial Sloan Kettering Cancer Center Associate Professor, Weill

688 views • 67 slides
HPC for Computational Astrophysics: Looking Forward Ann Almgren Center for Computational

HPC for Computational Astrophysics: Looking Forward Ann Almgren Center for Computational

HPC for Computational Astrophysics: Looking Forward Ann Almgren Center for Computational Sciences and Engineering Lawrence Berkeley National Laboratory asalmgren@lbl.gov July 26, 2011 lab-logo Almgren, LBNL HPC for Astrophysics

633 views • 9 slides
Parallel Computers The Demand for Computational Speed Continual demand for greater computational

Parallel Computers The Demand for Computational Speed Continual demand for greater computational

Parallel Computers The Demand for Computational Speed Continual demand for greater computational speed from a computer system than is currently possible. Areas requiring great computational speed include numerical modeling and simulation of

609 views • 46 slides
Lecture 22 Computational Methods for GPs Colin Rundel 04/12/2017 1 GPs and Computational

Lecture 22 Computational Methods for GPs Colin Rundel 04/12/2017 1 GPs and Computational

Lecture 22 Computational Methods for GPs Colin Rundel 04/12/2017 1 GPs and Computational Complexity 2 2 exp n 1 i The problem with GPs x n 2 j 2 ij d ij Update covariance parameter? n 3 log 2 2 n 1 Unless you are lucky (or

772 views • 48 slides
A Whole-Cell Computational Model Predicts Phenotype from Genotype Computational Models in

A Whole-Cell Computational Model Predicts Phenotype from Genotype Computational Models in

A Whole-Cell Computational Model Predicts Phenotype from Genotype Computational Models in Biology Mathematically model cellular pathways to predict phenotypes Quantify known pieces of data to analyze the implementation of information

542 views • 29 slides
Sustainability and Sustainable Development The 1987 UN report, Our Common Future (Brundtland

Sustainability and Sustainable Development The 1987 UN report, Our Common Future (Brundtland

Computational Sustainability : Computational Methods for a Sustainable Environment, Economy, and Society Carla P. Gomes Institute for Computational Sustainability Cornell University Sponsored by: This talk is an adaptation of the NSF

664 views • 40 slides
Comparative Genomics: Computational Challenges Bernard M.E. Moret Laboratory for Computational

Comparative Genomics: Computational Challenges Bernard M.E. Moret Laboratory for Computational

Comparative Genomics: Computational Challenges Bernard M.E. Moret Laboratory for Computational Biology and Bioinformatics EPFL Nantes, 6/8/09 p. Overview Comparative approaches The genome and its evolution High-throughput data

660 views • 52 slides
Lightweight Circuits with Shift and Swap Subhadeep Banik Asian Symmetric Key Workshop, ISI

Lightweight Circuits with Shift and Swap Subhadeep Banik Asian Symmetric Key Workshop, ISI

Lightweight Circuits with Shift and Swap Subhadeep Banik Asian Symmetric Key Workshop, ISI Kolkata November 18, 2018 Introduction Types of Circuits: Brief background. Block cipher circuits: Round based vs Serial. Eg: Working example

489 views • 44 slides
Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS

Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS

Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS REMINDER 2: Security Services in X.800 Authentication 1. Pear entity authentication Data origin authentication Access Control 2.

618 views • 13 slides
Strings l Chapter 3s problem context is cryptography, but mostly it is about strings and

Strings l Chapter 3s problem context is cryptography, but mostly it is about strings and

Starting chapter 3 Strings l Chapter 3s problem context is cryptography, but mostly it is about strings and related ideas l Strings are basically sequences of characters l A string literal is enclosed in quotes ( '' or in Python):

292 views • 12 slides
Cryptography and Network Security Bhaskaran Raman Department of CSE, IIT Kanpur Reference:

Cryptography and Network Security Bhaskaran Raman Department of CSE, IIT Kanpur Reference:

Cryptography and Network Security Bhaskaran Raman Department of CSE, IIT Kanpur Reference: Whitfield Diffie and Martin E. Hellman, Privacy and Authentication: An Introduction to Cryptography, in Proc. IEEE, vol. 67, no.3, pp. 397 - 427,

360 views • 17 slides
On Keccak and SHA-3 Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 1

On Keccak and SHA-3 Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 1

On Keccak and SHA-3 Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Icebreak 2013 Reykjavik, Iceland June 8, 2013 1 / 61 Outline 1 Origins 2 The sponge construction 3 Inside

1.12k views • 71 slides
Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller Daniele Micciancio 1 Chris Peikert 2 1

Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller Daniele Micciancio 1 Chris Peikert 2 1

Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller Daniele Micciancio 1 Chris Peikert 2 1 UC San Diego 2 Georgia Tech IBM Research 8 September 2011 1 / 17 Lattice-Based Cryptography p d o m x g = y N = = p m e mod N

1.2k views • 82 slides
Mod-NTRU trapdoors and applications Alexandre Wallet Lattices: From Theory to Practice Simons

Mod-NTRU trapdoors and applications Alexandre Wallet Lattices: From Theory to Practice Simons

Mod-NTRU trapdoors and applications Alexandre Wallet Lattices: From Theory to Practice Simons Institute, 29/04/2020 Based on a joint work with Chitchanok Chuengsatiansup, Thomas Prest, Damien Stehl and Keita Xagawa, ePrint 2019/1456 1/17 A.

540 views • 28 slides
Trapdoor functions from the Computational Diffie-Hellman Assumption Sanjam Garg 1 Mohammad

Trapdoor functions from the Computational Diffie-Hellman Assumption Sanjam Garg 1 Mohammad

Trapdoor functions from the Computational Diffie-Hellman Assumption Sanjam Garg 1 Mohammad Hajiabadi 1 , 2 1 University of California, Berkeley 2 University of Virginia August 22, 2018 1 / 18 Classical Public-Key Crypto 2 / 18 Classical

696 views • 55 slides

More recommend