Bug 96

Summary: Add AES, SHA1, SHA256, and SHA3 instructions
Product: Libre-SOC's first SoC
Reporter: Jacob Lifshay <programmerjake>
Component: Specification
Assignee: Luke Kenneth Casson Leighton <lkcl>
Status: CONFIRMED ---
Severity: enhancement
CC: libre-soc-bugs
Priority: ---
Version: unspecified
Hardware: Other
OS: All
NLnet milestone: ---
total budget (EUR) for completion of task and all subtasks: 0
budget (EUR) for this task, excluding subtasks' budget: 0
parent task for budget allocation:
child tasks for budget allocation:
The table of payments (in EUR) for this task; TOML format:

Description Jacob Lifshay 2019-06-12 20:49:44 BST
I think it would be a good idea to add instructions to accelerate cryptographic primitives.

We would specifically NOT design them to be resistant to power/EMI attacks, since those aren't typically visible over a network and because they take a lot of time and effort to design properly.
They would be resistant to timing attacks, since those are much easier to design for and are exploitable over the network.

They wouldn't be intended as much for cryptography as for things like git, cryptocurrency mining (see Monero's new RandomX algorithm) and BTRFS.

The main reason to implement special instructions is to accelerate the crypto instructions and because implementing S-box based primitives (such as AES) introduces timing issues when using software because of part of the lookup table not being in the cache.

If resistance to power/EMI attacks is required, users would still have to use other HW.
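
The S-box timing issue named in the description, as an added example that is not part of the original report or of Libre-SOC's code: a plain table lookup indexes memory with the secret byte, while a common software workaround reads every entry and selects with a mask. The function names (`sub_lookup`, `sub_scan`, `sbox_variants_agree`) are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

#define ROTL8(x, s) ((uint8_t)(((x) << (s)) | ((x) >> (8 - (s)))))

static uint8_t sbox[256];

/* Build the AES S-box from its definition (inverse in GF(2^8), then the
 * affine map). Nothing in here depends on secret data. */
static void sbox_init(void) {
    uint8_t p = 1, q = 1;                 /* invariant: p * q == 1 */
    do {
        p = p ^ (uint8_t)(p << 1) ^ ((p & 0x80) ? 0x1B : 0);   /* p *= 3 */
        q ^= q << 1; q ^= q << 2; q ^= q << 4;                 /* q /= 3 */
        q ^= (q & 0x80) ? 0x09 : 0;
        sbox[p] = q ^ ROTL8(q, 1) ^ ROTL8(q, 2) ^ ROTL8(q, 3) ^ ROTL8(q, 4) ^ 0x63;
    } while (p != 1);
    sbox[0] = 0x63;                       /* 0 has no inverse */
}

/* Table lookup: the load address is sbox + secret, so which cache line is
 * touched (and whether it hits or misses) depends on the secret byte. */
static uint8_t sub_lookup(uint8_t secret) { return sbox[secret]; }

/* Full scan: all 256 entries are read in a fixed order on every call and the
 * wanted one is kept with a branch-free mask, at 256 loads per substitution. */
static uint8_t sub_scan(uint8_t secret) {
    uint8_t out = 0;
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t diff = i ^ secret;                  /* 0 only when i == secret */
        uint8_t mask = (uint8_t)((diff - 1) >> 8);   /* 0xFF if diff == 0, else 0x00 */
        out |= sbox[i] & mask;
    }
    return out;
}

/* Returns 1 when both variants give the same result for every input byte. */
static int sbox_variants_agree(void) {
    sbox_init();
    for (unsigned i = 0; i < 256; i++)
        if (sub_lookup((uint8_t)i) != sub_scan((uint8_t)i)) return 0;
    return 1;
}

int main(void) {
    int ok = sbox_variants_agree();
    printf("variants agree: %d, S(0x53) = 0x%02x\n", ok, sub_scan(0x53));
    return 0;
}
```

Whether `sub_scan` stays branch-free depends on the compiler, so the generated assembly should be checked for the target in use.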

Comment 1 Jacob Lifshay 2020-11-11 02:40:37 GMT
See:
http://lists.libre-soc.org/pipermail/libre-soc-dev/2020-November/001175.html

Additional applications: fast non-cryptographic hash functions (for things like hash tables):
https://github.com/tkaitchuck/ahash