cryptologic applications of the playstation 3 cell speed
play

Cryptologic Applications of the PlayStation 3: Cell SPEED Dag Arne - PowerPoint PPT Presentation

Dec 12, 2022 •183 likes •449 views

Cryptologic Applications of the PlayStation 3: Cell SPEED Dag Arne Osvik EPFL Eran Tromer MIT Cell Broadband Engine 1 PowerPC core Based on the PowerPC 970 128-bit AltiVec/VMX SIMD unit Currently up to 8 synergistic

  1. Cryptologic Applications of the PlayStation 3: Cell SPEED Dag Arne Osvik EPFL Eran Tromer MIT

  2. Cell Broadband Engine  1 PowerPC core − Based on the PowerPC 970 − 128-bit AltiVec/VMX SIMD unit  Currently up to 8 “synergistic processors”  Runs at ~3.2 GHz  A Core2 core has three 128-bit SIMD units with just 16 registers.

  3. Running DES on the Cell  Bitsliced implementation of DES − 128-way parallelism per SPU − S-boxes optimized for SPU instruction set  4 Gbit/sec = 2 26 blocks/sec per SPU  32 Gbit/sec per Cell chip  Can be used as a cryptographic accelerator (ECB, CTR, many CBC streams)

  4. Breaking DES on the Cell  Reduce the DES encryption from 16 rounds to the equivalent of ~9.5 rounds, by shortcircuit evaluation and early aborts.  Performance: − 108M=2 26.69 keys/sec per SPU − 864M=2 29.69 keys/sec per Cell chip

  5. Comparison to FPGA Expected time to break:  COPACOBANA − ~9 days − €8,980 − A year to build  52 PlayStation 3 consoles − ~9 days − €19,500 (at US$500 each) − Off-the-shelf  Divide by two if you get E K ( X ) and E K ( X ).

  6. DreamHack 2004 LAN Party DreamHack 2004 LAN Party 5852 connected computers 5852 connected computers Under 1 hour for a real-time DES break. Under 1 hour for a real-time DES break.

  7. Synergistic Processing Unit  256KB of fast local memory  128-bit, 128-register SIMD  Two pipelines  In-order execution  Explicit DMA to RAM or other SPUs

  8. SPU memory  Single-ported  6-cycle load-to-use latency  Read or write 16 or 128 bytes each cycle  DMA & instruction fetch use 128-byte interface  Prioritized: DMA > load/store > instruction fetch

  9. SPU registers  128 registers  Up to 77 register parameters and return values according to calling convention

  10. SPU instruction set  RISC (similar to PowerPC)  Fixed 32-bit size  Always aligned on 4-byte boundary  Most operations are SIMD

  11. SPU pipelines and latencies

  12. SPU limitations  Fetches 8-byte aligned pairs of instructions − Dual issue happens only if first is even-pipe instruction and and second is odd-pipe instruction  Only 16x16->32 integer multiplication  No hardware branch prediction

  13. Special SPU instructions  select bits  shuffle bytes  gather bits  form select mask  carry/borrow generate  add/sub extended  sum bytes  or across  generate controls for  count leading zeros insertion  count ones in bytes

  14. 64-bit addition  2-way SIMD:  4-way SIMD: − carry generate − carry generate − add − add − shuffle bytes − add extended − add

  15. 64-bit rotate  2-way SIMD:  4-way SIMD: − rotate words − 2 * rotate words − shuffle bytes − 2 * select bits − select bits

  16. selb  Bitwise version of “a = b ? c : d”  Also known as a multiplexer (mux)  Very useful for bitslice computations − DES S-box average less than 40 instructions − Matthew Kwan: 51, without using selb

  17. Comparison to Core2 for bitslice CPU SPU Core2 Registers 128 16 Register width 128 128 Registers/instruction 3 2 Boolean operations *+select and, or, xor, andn Instruction parallelism 1 3 Cores per chip 6-8 2-4

  18. shufb  Concatenate two input registers to form a 32- byte lookup table  Each byte in the third register selects either a constant value (0x00/0x80/0xFF) or a location in the lookup table  => 16 table lookups per cycle

  19. AES Table lookups in registers  5->8 bit lookups directly supported by shufb  For the remaining 3 input bits we need to isolate and replicate them, and then use selb to select between 8 different shufb outputs  High latency, but also high throughput with 4- way interleaving

  20. Cache attack resistance  SPUs currently immune − no address-dependent variability in memory access  Architecture allows cache in SPU  In-register lookups should be future-proof

  21. Branch prediction  Calculate branch address  Give branch target hint  ...  Branch without penalty

  22. Optimization summary  Do vector (SIMD) processing  Large number of registers allows interleaving several computations, hiding latencies  Balance pipeline usage  Pre-compute branches in time to give hint  For very memory-intensive code, ensure instruction fetch by using hbrp

  23. Running MD5 on the Cell  32-bit addition and rotation, boolean functions − Directly supported with 4-way SIMD − Bitslice is slow: 128 adds require 94 instructions  Many streams in parallel hide latencies  Calculated compression function performance: Up to 15.6 Gbit/s per SPU

  24. Running AES on the Cell  > 2.1 Gbit/s per SPU (~3.8 GHz Pentium 4)  ~17 Gbit/s for full Cell, almost 13 Gbit/s for PS3  CBC implementation only a little slower.  Bitslice would be very interesting

  25. Other cryptographic applications for the Cell Broadband Engine  Limited by SPU microarchitecture and memory  Good match for low-memory, straight-path computation over small operands  Some promising applications: − Stream cipher cryptanalysis − Sieving for the Number Field Sieve − Hash collisions

  26. The future of the Cell  More SPUs on a chip  Internal cache in SPUs  Fast double precision float  Different size of local memory?  New instructions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction Playstation 3 (PS3) Game Console Cell Processor Molecular Dynamic (MD)

Introduction Playstation 3 (PS3) Game Console Cell Processor Molecular Dynamic (MD)

PS3 GRID .net Building a distributed supercomputer using the Playstation 3 M. J. Harvey G. Giuppone J. Vill-Freixa G. De Fabritiis Presented by: Abadi Kurniawan Introduction Playstation 3 (PS3) Game Console Cell Processor

559 views • 17 slides
Intro This talk will focus on Cell processor Cell Broadband Engine Architecture (CBEA)

Intro This talk will focus on Cell processor Cell Broadband Engine Architecture (CBEA)

Intro This talk will focus on Cell processor Cell Broadband Engine Architecture (CBEA) Power Processing Element (PPE) Synergistic Processing Element (SPE) Current implementations Sony Playstation 3 (1 chip with 6 SPEs)

709 views • 23 slides
Single-cell transcriptomics (scRNA-seq) Eukaryotic Single Cell Genomics facility Applications for

Single-cell transcriptomics (scRNA-seq) Eukaryotic Single Cell Genomics facility Applications for

Henrik Gezelius May 21, 2018 Single-cell transcriptomics (scRNA-seq) Eukaryotic Single Cell Genomics facility Applications for scRNA-sequencing Heterogeneity analysis Cell type identification Lineage tracing, cellular states in

2.1k views • 24 slides
The Need for Speed: Applications of HPC in Side Channel

The Need for Speed: Applications of HPC in Side Channel

The Need for Speed: Applications of HPC in Side Channel Research Dr. M. Elisabeth Oswald Reader, EPSRC Leadership Fellow University of Bristol Roadmap

280 views • 25 slides
High speed CMOS image sensors Wim Wuyts Sr. Staff Applications Engineer Cypress Semiconductor

High speed CMOS image sensors Wim Wuyts Sr. Staff Applications Engineer Cypress Semiconductor

High speed CMOS image sensors Wim Wuyts Sr. Staff Applications Engineer Cypress Semiconductor Corporation Belgium Vision 2006 P E R F O R M Outline Introduction Architecture Analog high speed CIS Digital high speed CIS

593 views • 32 slides
Racket on the Playstation 3? Its not what you think... Dan Liebgold Naughty Dog, Inc. Santa

Racket on the Playstation 3? Its not what you think... Dan Liebgold Naughty Dog, Inc. Santa

Racket on the Playstation 3? Its not what you think... Dan Liebgold Naughty Dog, Inc. Santa Monica, CA RacketCon 2013 Motivation In games, programmers create code; artists, designers, animators, sound designers create data We often

407 views • 39 slides
Presentation at the STI Cell BE Workshop "Geoscience and Aerospace Applications on a

Presentation at the STI Cell BE Workshop "Geoscience and Aerospace Applications on a

Presentation at the STI Cell BE Workshop "Geoscience and Aerospace Applications on a Potential Heterogenous Cell BE Cluster at UMBC" Prof.s M. Halem and Ye Yesha At Georgia Tech Univ. June 18-19, 2007 halem@umbc.edu Overview

639 views • 46 slides
Applications for Java Accelerator on Cell Processors Jan Trska (trskajan@fel.cvut.cz)

Applications for Java Accelerator on Cell Processors Jan Trska (trskajan@fel.cvut.cz)

IBM - CVUT Student Research Projects Applications for Java Accelerator on Cell Processors Jan Trska (trskajan@fel.cvut.cz) Applications for JCBE Goal of this project is to implement alghoritms solving NP-complete problems and accelerate

495 views • 6 slides
ECM at Work Joppe W. Bos and Thorsten Kleinjung Laboratory for Cryptologic Algorithms EPFL,

ECM at Work Joppe W. Bos and Thorsten Kleinjung Laboratory for Cryptologic Algorithms EPFL,

ECM at Work Joppe W. Bos and Thorsten Kleinjung Laboratory for Cryptologic Algorithms EPFL, Station 14, CH-1015 Lausanne, Switzerland 1 / 14 Motivation The elliptic curve method for integer factorization is used in the cofactorization

568 views • 28 slides
Optimizing 3D Graphics For Mobiles Mobiles Madan Kandula Director Introduction

Optimizing 3D Graphics For Mobiles Mobiles Madan Kandula Director Introduction

Optimizing 3D Graphics For Mobiles Mobiles Madan Kandula Director Introduction Cross-Platform games and apps using our engine PlayStation VITA, PlayStation 3 iOS (iPhone, iPad) Android Windows Core expertise is real time

228 views • 11 slides
Pollard Rho on the PlayStation 3 Joppe W. Bos 1 Marcelo E. Kaihara 1 Peter L. Montgomery 2 1 EPFL

Pollard Rho on the PlayStation 3 Joppe W. Bos 1 Marcelo E. Kaihara 1 Peter L. Montgomery 2 1 EPFL

Pollard Rho on the PlayStation 3 Joppe W. Bos 1 Marcelo E. Kaihara 1 Peter L. Montgomery 2 1 EPFL IC LACAL, CH-1015 Lausanne, Switzerland 2 Microsoft Research, One Microsoft Way, Redmond, WA 98052, USA RAIM09 October 27 th 2009 LIP ENS Lyon

386 views • 28 slides
VAR-SPE SPEED VARIATORS: TORQUE-SPEED REGULATORS VAR-SPE VARIATORS AS A SIMPLE VARIATOR, LIKE

VAR-SPE SPEED VARIATORS: TORQUE-SPEED REGULATORS VAR-SPE VARIATORS AS A SIMPLE VARIATOR, LIKE

VAR-SPE SPEED VARIATORS: TORQUE-SPEED REGULATORS VAR-SPE VARIATORS AS A SIMPLE VARIATOR, LIKE MECHANICAL ONE, FOR MOST APPLICATIONS (MANUFACTURING MACHINE) HOW CAN WE SEE THE VAR- SPE VARIATOR? AS AN AUTOMATION SYSTEM , LIKE INVERTER, BUT

950 views • 36 slides
Cedar Rapids RLR & Speed Des Moines RLR & Speed

Cedar Rapids RLR & Speed Des Moines RLR & Speed

Davenport.RLR & Speed Cedar Rapids RLR & Speed Des Moines RLR & Speed Sioux City.. RLR & Speed Muscatine...RLR & Speed Council

248 views • 11 slides
Cell Centered Finite Volume Schemes for Multiphase Flow Applications L. Agelas 1 , D. Di Pietro 1

Cell Centered Finite Volume Schemes for Multiphase Flow Applications L. Agelas 1 , D. Di Pietro 1

Outline Applications and meshes Flux formulation Discrete variational framework Numerical Experiments Cell Centered Finite Volume Schemes for Multiphase Flow Applications L. Agelas 1 , D. Di Pietro 1 , J. Droniou 2 , I. Kapyrin 1 , R. Eymard 3

1.04k views • 57 slides
Speed kills 2 but people like speed! 3 Speed Higher speeds are associated with higher

Speed kills 2 but people like speed! 3 Speed Higher speeds are associated with higher

Effects of automated highway speed enforcement: average versus instantaneous speed control 27 th annual ICTCT workshop 16-17 Oct 2014, Karlsruhe - Germany dr. Stijn Daniels, PhD Transportation Research Institute Hasselt University, Belgium

413 views • 9 slides
Cell Communication and Cell Signaling Why is cell signaling important? Why is cell signaling

Cell Communication and Cell Signaling Why is cell signaling important? Why is cell signaling

Cell Communication and Cell Signaling Why is cell signaling important? Why is cell signaling important? Allows cells to communicate and coordinate functions/activities of the organism Usually involves the cell membrane Cell

408 views • 36 slides
1. Motivation The present state of the art in software engineering does not offer sufficient

1. Motivation The present state of the art in software engineering does not offer sufficient

Bugs Now Show-Up in Everyday Life Vrification de labsence derreurs Bugs now appear frequently in everyday life (banks, lexcution dans des logiciels industriels cars, telephones, . . . ) Example (HSBC bank ATM 1 at 19

527 views • 16 slides
Computing correctly rounded logarithms with fixed-point operations Julien Le Maire, Florent de

Computing correctly rounded logarithms with fixed-point operations Julien Le Maire, Florent de

Computing correctly rounded logarithms with fixed-point operations Julien Le Maire, Florent de Dinechin, Jean-Michel Muller and Nicolas Brunie Outline Introduction and context Algorithm Results and comparisons for libm log Bonus: a

1.07k views • 86 slides
Array Code Generation 1. Array code generation 2. Surprises in memory access 3. Lessons learned

Array Code Generation 1. Array code generation 2. Surprises in memory access 3. Lessons learned

Array Code Generation 1. Array code generation 2. Surprises in memory access 3. Lessons learned Array Code Gen Model-Driven VAR i, k, x : INTEGER; A : ARRAY 17 OF INTEGER; ... BEGIN Arrays dont know offset at compile time

372 views • 11 slides
Extending the Salsa20 nonce D. J. Bernstein University of Illinois at Chicago DES had 64-bit

Extending the Salsa20 nonce D. J. Bernstein University of Illinois at Chicago DES had 64-bit

Extending the Salsa20 nonce D. J. Bernstein University of Illinois at Chicago DES had 64-bit block. Highly troublesome by 1990s. AES has 128-bit block. Becoming troublesome now 2006 BlackHaleviHevia

626 views • 19 slides
Simulation Simulation Modeling and Performance Analysis with Discrete-Event Simulation g y Dr.

Simulation Simulation Modeling and Performance Analysis with Discrete-Event Simulation g y Dr.

Computer Science, Informatik 4 Communication and Distributed Systems Simulation Simulation Modeling and Performance Analysis with Discrete-Event Simulation g y Dr. Mesut Gne Computer Science, Informatik 4 Communication and Distributed

2.63k views • 76 slides
System upgrade with SWUpdate ELC 2017 02/2017 Gabriel Huau Embedded Software Engineer TABLE OF

System upgrade with SWUpdate ELC 2017 02/2017 Gabriel Huau Embedded Software Engineer TABLE OF

System upgrade with SWUpdate ELC 2017 02/2017 Gabriel Huau Embedded Software Engineer TABLE OF CONTENTS 1. Introduction 2. Architecture 3. Customization 4. Integration SWUpdate ABOUT THE PRESENTER Open-Source Enthusiast Buildroot

846 views • 45 slides
CS 327E Lecture 11 Shirley Cohen March 2, 2016 Agenda Announcements Readings for

CS 327E Lecture 11 Shirley Cohen March 2, 2016 Agenda Announcements Readings for

CS 327E Lecture 11 Shirley Cohen March 2, 2016 Agenda Announcements Readings for today Reading Quiz Concept Questions Homework for next time Announcements Midterm 2 will be next Wednesday There will be a

365 views • 25 slides
and Their Applications Itai Dinur Ben-Gurion University, Israel Eurocrypt 2020 The Birthday

and Their Applications Itai Dinur Ben-Gurion University, Israel Eurocrypt 2020 The Birthday

Tig ight Tim ime-Space Lower Bounds for Fin inding Mult ltiple Coll llision Pair irs and Their Applications Itai Dinur Ben-Gurion University, Israel Eurocrypt 2020 The Birthday Problem Let [N] = {0,1, ,N-1} Given oracle

859 views • 18 slides

More recommend