energy efficient arm64 cluster with cryptanalytic
play

Energy-Efficient ARM64 Cluster with Cryptanalytic Applications 80 - PowerPoint PPT Presentation

Jun 17, 2023 •41 likes •741 views

Energy-Efficient ARM64 Cluster with Cryptanalytic Applications 80 Cores That Do Not Cost You an ARM and a Leg Latincrypt 2017, 21st September 2017 1/19 Thom Wiggers Outline Introduction Building a cheap cluster The Cortex-A53 Breaking ECC

  1. Energy-Efficient ARM64 Cluster with Cryptanalytic Applications 80 Cores That Do Not Cost You an ARM and a Leg Latincrypt 2017, 21st September 2017 1/19 Thom Wiggers

  2. Outline Introduction Building a cheap cluster The Cortex-A53 Breaking ECC on the Cortex-A53 Results and Comparison 2/19 Thom Wiggers

  3. So you want to break crypto 1. Investigate attacks 3/19 Thom Wiggers

  4. So you want to break crypto 1. Investigate attacks 2. Implement attacks in software 3/19 Thom Wiggers

  5. So you want to break crypto 1. Investigate attacks 2. Implement attacks in software 3. ??? 3/19 Thom Wiggers

  6. So you want to break crypto 1. Investigate attacks 2. Implement attacks in software 3. ??? 4. Profit 3/19 Thom Wiggers

  7. So you want to break crypto 1. Investigate attacks 2. Implement attacks in software 3. Run software on hugely expensive clusters 4. Profit 3/19 Thom Wiggers

  8. Typical Platforms “Desktop” CPUs FPGAs Easy to program • Very hard to program • $$$$$ • $$$$$–$$$$$ • Fairly high-power • Low power • • Fast with modern CPU • Much, much faster than extensions (SSE, AVX2) CPUs on certain workloads GPUs • Harder to program • $$$$$ • Very high-power • Much faster than CPUs on certain workloads Image: CC-BY-SA Xilinx 4/19 Thom Wiggers

  9. Atypical platform “Mobile” CPUs Smartphones and IoT • Easy to program for • $$$$$ • • Low power • OK speeds? ODROID-C2 devboard Image: CC-BY-SA Hardkernel 5/19 Thom Wiggers

  10. ODROID-C2 • Cortex-A53 CPU • 64-bit Quad-Core, 1536 MHz ARMv8 • 2 GiB RAM • US$ 46 • ODROID-C2 devboard Image: CC-BY-SA Hardkernel 6/19 Thom Wiggers

  11. Shopping List Item Unit cost (USD) Number Total cost ODROID-C2 $ 46 20 $ 920 5V Power Supply $ 5 20 $ 100 Micro-SD cards $ 17 20 $ 340 LAN cables $ 1 21 $ 21 24-port switch (TL-SG1024D) $ 85 1 $ 85 Total $ 1466 7/19 Thom Wiggers

  12. Rack Figure: The assembled Lego “rack”. Cable management remains a subject for further investigation. 8/19 Thom Wiggers

  13. ECC2K-130 • Challenge Curves put out by Certicom in 1997 [Cer]. 9/19 Thom Wiggers

  14. ECC2K-130 • Challenge Curves put out by Certicom in 1997 [Cer]. • Smaller challenges broken earlier (last 109-bit one in 2004). 9/19 Thom Wiggers

  15. ECC2K-130 • Challenge Curves put out by Certicom in 1997 [Cer]. • Smaller challenges broken earlier (last 109-bit one in 2004). • Two curves remaining in Level I 9/19 Thom Wiggers

  16. ECC2K-130 • Challenge Curves put out by Certicom in 1997 [Cer]. • Smaller challenges broken earlier (last 109-bit one in 2004). • Two curves remaining in Level I – Curve over F p , p a 131-bit prime 9/19 Thom Wiggers

  17. ECC2K-130 • Challenge Curves put out by Certicom in 1997 [Cer]. • Smaller challenges broken earlier (last 109-bit one in 2004). • Two curves remaining in Level I – Curve over F p , p a 131-bit prime – Curve over F 2 131 , a Koblitz curve. 9/19 Thom Wiggers

  18. ECC2K-130 • Challenge Curves put out by Certicom in 1997 [Cer]. • Smaller challenges broken earlier (last 109-bit one in 2004). • Two curves remaining in Level I – Curve over F p , p a 131-bit prime – Curve over F 2 131 , a Koblitz curve. • 2009’s Breaking ECC2K-130 [Bai+09] report describes how to attack the Koblitz curve. 9/19 Thom Wiggers

  19. ECC2K-130 • Challenge Curves put out by Certicom in 1997 [Cer]. • Smaller challenges broken earlier (last 109-bit one in 2004). • Two curves remaining in Level I – Curve over F p , p a 131-bit prime – Curve over F 2 131 , a Koblitz curve. • 2009’s Breaking ECC2K-130 [Bai+09] report describes how to attack the Koblitz curve. • The attack is based on Pollard’s Rho for discrete logarithms [Pol78]. 9/19 Thom Wiggers

  20. ECC2K-130 • Challenge Curves put out by Certicom in 1997 [Cer]. • Smaller challenges broken earlier (last 109-bit one in 2004). • Two curves remaining in Level I – Curve over F p , p a 131-bit prime – Curve over F 2 131 , a Koblitz curve. • 2009’s Breaking ECC2K-130 [Bai+09] report describes how to attack the Koblitz curve. • The attack is based on Pollard’s Rho for discrete logarithms [Pol78]. • They describe highly optimised implementations, speeds and estimates for CPUs, PS3s, GPUs and FPGAs. 9/19 Thom Wiggers

  21. ECC2K-130 • Challenge Curves put out by Certicom in 1997 [Cer]. • Smaller challenges broken earlier (last 109-bit one in 2004). • Two curves remaining in Level I – Curve over F p , p a 131-bit prime – Curve over F 2 131 , a Koblitz curve. • 2009’s Breaking ECC2K-130 [Bai+09] report describes how to attack the Koblitz curve. • The attack is based on Pollard’s Rho for discrete logarithms [Pol78]. • They describe highly optimised implementations, speeds and estimates for CPUs, PS3s, GPUs and FPGAs. • To compare the ODROID-C2 to these platforms we should optimise ECC2K-130 for the Cortex-A53. 9/19 Thom Wiggers

  22. Cortex-A53 characteristics • ARMv8-A architecture • 32 registers • ARM NEON extensions – 32 128-bit vector registers 10/19 Thom Wiggers

  23. Cortex-A53 characteristics • ARMv8-A architecture • 32 registers • ARM NEON extensions – 32 128-bit vector registers No detailed instruction characteristics are available 10/19 Thom Wiggers

  24. How to figure them out • We have a cycle counter • Idea: write small (micro) programs and measure how long they take (benchmarking). measure_load: mrs x17, PMCCNTR_EL0 ; store cycle counter at x17 ldr q0, [x0] ; load q0 from address x0 mrs x18, PMCCNTR_EL0 ; store cycle counter at x18 sub x0, x18, x17 ; cycles spent = x18 - x19 ret 11/19 Thom Wiggers

  25. Benchmark results Table: Hypothesised 128-bit vector instruction characteristics on the Cortex-A53. Latencies are including the issue cycles. ldr and ldp can be paired with a single arithmetic instruction for free. Instruction Issue cycles Latency (cycles) Binary arithmetic ( eor, and ) 1 1 Addition ( add ) 1 2 Load ( ldr ) 2 3 Store ( str ) 1 — Load pair ( ldp ) 4 3, 4 Store pair ( stp ) 2 — 12/19 Thom Wiggers

  26. Benchmark results Table: Hypothesised 128-bit vector instruction characteristics on the Cortex-A53. Latencies are including the issue cycles. ldr and ldp can be paired with a single arithmetic instruction for free. Instruction Issue cycles Latency (cycles) Binary arithmetic ( eor, and ) 1 1 Addition ( add ) 1 2 Load ( ldr ) 2 3 Store ( str ) 1 — Load pair ( ldp ) 4 3, 4 Store pair ( stp ) 2 — 12/19 Thom Wiggers

  27. Execution Pipelines ldr q0, [x0] eor v1.16b, v1.16b, v1.16b Instruction Issue cycles Latency (cycles) Binary arithmetic ( eor, and ) 1 1 Load ( ldr ) 2 3 13/19 Thom Wiggers

  28. Bitslicing � a 4 � a = a 3 a 2 a 1 a 0 � b 4 � b = b 3 b 2 b 1 b 0 � � c = c 4 c 3 c 2 c 1 c 0 � d 4 � d = d 3 d 2 d 1 d 0 . . . 14/19 Thom Wiggers

  29. Bitslicing             a a 4 a 3 a 2 a 1 a 0 b b 4 b 3 b 2 b 1 b 0                         c c 4 c 3 c 2 c 1 c 0 =                         d d 4 d 3 d 2 d 1 d 0             . . . . . .             . . . . . . . . . . . . 15/19 Thom Wiggers

  30. Optimising n -bit binary polynomial multiplications Schoolbook approach: O ( n 2 ) • 16/19 Thom Wiggers

  31. Optimising n -bit binary polynomial multiplications Schoolbook approach: O ( n 2 ) • Karatsuba [KO63]: O ( n log 2 ( 3 ) ) • 16/19 Thom Wiggers

  32. Optimising n -bit binary polynomial multiplications Schoolbook approach: O ( n 2 ) • Karatsuba [KO63]: O ( n log 2 ( 3 ) ) • – Split A , B in an upper ( A h , B h ) and lower part ( A l , B l ) 16/19 Thom Wiggers

  33. Optimising n -bit binary polynomial multiplications Schoolbook approach: O ( n 2 ) • Karatsuba [KO63]: O ( n log 2 ( 3 ) ) • – Split A , B in an upper ( A h , B h ) and lower part ( A l , B l ) – Compute C = A · B as C = 2 n A h · B h + 2 n / 2 ( A h + A l ) · ( B h + B l ) + A l · B l 16/19 Thom Wiggers

  34. Optimising n -bit binary polynomial multiplications Schoolbook approach: O ( n 2 ) • Karatsuba [KO63]: O ( n log 2 ( 3 ) ) • – Split A , B in an upper ( A h , B h ) and lower part ( A l , B l ) – Compute C = A · B as C = 2 n A h · B h + 2 n / 2 ( A h + A l ) · ( B h + B l ) + A l · B l Repeat recursively • 16/19 Thom Wiggers

  35. Optimising n -bit binary polynomial multiplications Schoolbook approach: O ( n 2 ) • Karatsuba [KO63]: O ( n log 2 ( 3 ) ) • – Split A , B in an upper ( A h , B h ) and lower part ( A l , B l ) – Compute C = A · B as C = 2 n A h · B h + 2 n / 2 ( A h + A l ) · ( B h + B l ) + A l · B l Repeat recursively • You can get rid of a few operations by using Refined • Karatsuba [Ber09]. 16/19 Thom Wiggers

Recommend

Porting Go to NetBSD/arm64 Maya Rashish <coypu@sdf.org> Porting Go to NetBSD/arm64

Porting Go to NetBSD/arm64 Maya Rashish <coypu@sdf.org> Porting Go to NetBSD/arm64

Porting Go to NetBSD/arm64 Maya Rashish <coypu@sdf.org> Porting Go to NetBSD/arm64 Porting: making something run on another operating system or architecture Go: a programming language NetBSD: an operating system (1993-current) arm64:

1.03k views • 21 slides
Green Cloud Sustainable Open Source Cloud Architecture on ARM64 @KurtStam, PhD Red Hat

Green Cloud Sustainable Open Source Cloud Architecture on ARM64 @KurtStam, PhD Red Hat

Green Cloud Sustainable Open Source Cloud Architecture on ARM64 @KurtStam, PhD Red Hat Middleware Engineering Saturn 2018 Kubernetes on RaspberryPi Low Power ARM64 Cloud 1. Run your cloud infrastructure on ARM64: Docker and

212 views • 17 slides
Energy Efficient Mortgages Initiative Energy efficient Mortgages Action Plan (EeMAP) Energy

Energy Efficient Mortgages Initiative Energy efficient Mortgages Action Plan (EeMAP) Energy

Energy Efficient Mortgages Initiative Energy efficient Mortgages Action Plan (EeMAP) Energy efficient Data Portal & Protocol (EeDaPP) 1 www.energyefficientmortgages.eu Specific benefits from energy efficiency (EE) in households

553 views • 22 slides
1 CPU-Intensive Jobs Taskfarming Parallelisable, for example Taskfarming Sentence by sentence

1 CPU-Intensive Jobs Taskfarming Parallelisable, for example Taskfarming Sentence by sentence

Outline Why do we need a cluster? Architecture: Machines and Properties Taskfarming Estimating Walltime Limits Common Pitfalls of Using the Cluster Joachim Wagner 2009-07-01 Why do we need a cluster? Cluster Architecture More efficient and

249 views • 4 slides
Energy Efficient Cooperative Energy Efficient Cooperative Communications Iain Collings | Deputy

Energy Efficient Cooperative Energy Efficient Cooperative Communications Iain Collings | Deputy

Energy Efficient Cooperative Energy Efficient Cooperative Communications Iain Collings | Deputy Chief (Research), Computational Informatics Division 20 th November 2013 With contributions from: Vijay Sivaraman, Ren Liu, Craig Russell, Maged

1.01k views • 63 slides
Energy Efficiency Cluster Lending For SMEs By Indian Banks Cluster lending represents an

Energy Efficiency Cluster Lending For SMEs By Indian Banks Cluster lending represents an

Energy Efficiency Cluster Lending For SMEs By Indian Banks Cluster lending represents an innovative approach that can be utilized by domestic financial institutions to increase lending for energy efficiency projects in the SME sector.

1.49k views • 16 slides
Energy Efficient Enterprise Bashir Ahmad, P.Eng. ABB Inc . (Canada) ABB Inc Abstract 240 Energy

Energy Efficient Enterprise Bashir Ahmad, P.Eng. ABB Inc . (Canada) ABB Inc Abstract 240 Energy

Energy Efficient Enterprise Bashir Ahmad, P.Eng. ABB Inc . (Canada) ABB Inc Abstract 240 Energy Efficient Enterprise Introduction Energy prices are increasing Energy cost is one of the main expenses in any industrial manufacturing

135 views • 13 slides
AND MIPS64 PLATFORMS Stefan Peji ore Kovaevi LuaJIT LuaJIT 2.0.4 (release) No

AND MIPS64 PLATFORMS Stefan Peji ore Kovaevi LuaJIT LuaJIT 2.0.4 (release) No

LUAJIT FOR AARCH64 AND MIPS64 PLATFORMS Stefan Peji ore Kovaevi LuaJIT LuaJIT 2.0.4 (release) No MIPS64 support No ARM64 support LuaJIT 2.1 (development branch) ARM64 interpreter ARM64 JIT (as of November)

487 views • 17 slides
Energy Efficient Channel Coding Leonardo Fagundes Luz Serrano Energy Efficient Channel Coding

Energy Efficient Channel Coding Leonardo Fagundes Luz Serrano Energy Efficient Channel Coding

Energy Efficient Channel Coding Leonardo Fagundes Luz Serrano Energy Efficient Channel Coding Forward Error Correction stages are now essential in communication systems. FEC stages are more sensitive to high transmission rates since they

328 views • 3 slides
Energy Efficient Construction Energy Efficient Construction Case Study Presentation Josh Trent,

Energy Efficient Construction Energy Efficient Construction Case Study Presentation Josh Trent,

Energy Efficient Construction Energy Efficient Construction Case Study Presentation Josh Trent, Director Communities & Design Director Frontier Housing, Inc 5445 Flemingsburg Road, Morehead, KY 40351 606.784.2131 josh@frontierhousing.org

208 views • 16 slides
Kubernetes on ARM64 Kubernetes on ARM64 Raspberry PI 4 Kubernetes cloud for a Raspberry PI 4

Kubernetes on ARM64 Kubernetes on ARM64 Raspberry PI 4 Kubernetes cloud for a Raspberry PI 4

Kubernetes on ARM64 Kubernetes on ARM64 Raspberry PI 4 Kubernetes cloud for a Raspberry PI 4 Kubernetes cloud for a few Euros! few Euros! Jean-Frederic Clere Jean-Frederic Clere @jfclere @jfclere Fosdem 2020 Feb. 1-2, 2020 TM Who am I?

529 views • 26 slides
Energy-efficient Energy-efficient Data Collection in Wireless Data Collection in Wireless

Energy-efficient Energy-efficient Data Collection in Wireless Data Collection in Wireless

Energy-efficient Energy-efficient Data Collection in Wireless Data Collection in Wireless Sensor Networks Sensor Networks G. Anastasi Pervasive Computing & Networking Lab. (PerLab) Department of Information Engineering University of

370 views • 21 slides
Cluster-GCN: An Efficient Algorithm for Training Deep and Large Graph Convolutional Networks

Cluster-GCN: An Efficient Algorithm for Training Deep and Large Graph Convolutional Networks

Cluster-GCN: An Efficient Algorithm for Training Deep and Large Graph Convolutional Networks Wei-Lin Chiang 1 , Xuanqing Liu 2 , Si Si 3 , Yang Li 3 , Samy Bengio 3 , Cho-Jui Hsieh 23 1 National Taiwan University, 2 UCLA, 3 Google Research Graph

616 views • 23 slides
Out of Oddity New Cryptanalytic Techniques against Symmetric Primitives Optimized for

Out of Oddity New Cryptanalytic Techniques against Symmetric Primitives Optimized for

Out of Oddity New Cryptanalytic Techniques against Symmetric Primitives Optimized for Integrity Proof Systems Tim Beyne, Anne Canteaut, Itai Dinur, Maria Eichlseder, Gregor Leander, Ga etan Leurent, L eo Perrin, Mar a Naya

488 views • 34 slides
Energy-efficient Trajectory Tracking for Mobile Devices Based on "Energy-efficient

Energy-efficient Trajectory Tracking for Mobile Devices Based on "Energy-efficient

Energy-efficient Trajectory Tracking for Mobile Devices Based on "Energy-efficient Trajectory Tracking for Mobile Devices" by M. B. Kjrgaard, Sourav Bhattacharya, Henrik Blunck, Petteri Nurmi Krzysztof Winiewski Trajectory

429 views • 40 slides
cluster for data mining algorithms Joo Saffran, Gabriel Garcia, Matheus A. Souza , Pedro H.

cluster for data mining algorithms Joo Saffran, Gabriel Garcia, Matheus A. Souza , Pedro H.

A low-cost energy-efficient Raspberry Pi cluster for data mining algorithms Joo Saffran, Gabriel Garcia, Matheus A. Souza , Pedro H. Penna, Mrcio Castro , Lus F. W. Ges and Henrique C. Freitas matheus.alcantara@sga.pucminas.br

522 views • 35 slides
Energy-efficient & High-performance Energy-efficient & High-performance Instruction Fetch

Energy-efficient & High-performance Energy-efficient & High-performance Instruction Fetch

Energy-efficient & High-performance Energy-efficient & High-performance Instruction Fetch using a Block-aware ISA Instruction Fetch using a Block-aware ISA Ahmad Zmily and Christos Kozyrakis Electrical Engineering Department Stanford

250 views • 23 slides
Energy efficient R&D investment and Aggregate Energy Demand: Evidence from OECD Countries

Energy efficient R&D investment and Aggregate Energy Demand: Evidence from OECD Countries

Energy efficient R&D investment and Aggregate Energy Demand: Evidence from OECD Countries Amin Karimu & Runar Brnnlund The Tenth Conference on the Economics of Energy and Climate Change-September,2015 Plan of the talk Motivation

714 views • 26 slides
Research on Efficient Erasure-Coding- Based Cluster Storage Systems Patrick P. C. Lee The Chinese

Research on Efficient Erasure-Coding- Based Cluster Storage Systems Patrick P. C. Lee The Chinese

Research on Efficient Erasure-Coding- Based Cluster Storage Systems Patrick P. C. Lee The Chinese University of Hong Kong NCIS14 1 Joint work with Runhui Li, Jian Lin, Yuchong Hu Motivation Clustered storage systems are widely deployed

532 views • 36 slides
cvcrand and cptest : Efficient Design and Analysis of Cluster Randomized Trials John Gallis in

cvcrand and cptest : Efficient Design and Analysis of Cluster Randomized Trials John Gallis in

cvcrand and cptest : Efficient Design and Analysis of Cluster Randomized Trials John Gallis in collaboration with Fan Li, Hengshi Yu and Elizabeth L. Turner Duke University Department of Biostatistics & Bioinformatics and Duke Global Health

743 views • 53 slides
ENERGY EFFICIENT SOFTWARE DEFINED NETWORKS Nicolas HUIN COATI and

ENERGY EFFICIENT SOFTWARE DEFINED NETWORKS Nicolas HUIN COATI and

ENERGY EFFICIENT SOFTWARE DEFINED NETWORKS Nicolas HUIN COATI and SigNet, I3S/Inria Supervisors: Frdric Giroire & Dino Lopez 28 th September 2017 2 9/28/17 Energy Efficient Software Defined Networks Energy

927 views • 91 slides
FOCUSES ON THE DEVELOPMENT OF ENERGY EFFICIENT TECHNOLOGIES AND ENERGY-SAVING IN BUILDINGS The

FOCUSES ON THE DEVELOPMENT OF ENERGY EFFICIENT TECHNOLOGIES AND ENERGY-SAVING IN BUILDINGS The

FOCUSES ON THE DEVELOPMENT OF ENERGY EFFICIENT TECHNOLOGIES AND ENERGY-SAVING IN BUILDINGS The Euro-Centrum Science & Technology Park is located in the heart of a Silesian Voivodeship. It was created on a postindustrial area. Today makes

371 views • 16 slides
Fosdem 2015 perf status on ARM and ARM64 jean.pihet@newoldbits.com NewOldBits.com Sat, Jan 31

Fosdem 2015 perf status on ARM and ARM64 jean.pihet@newoldbits.com NewOldBits.com Sat, Jan 31

Fosdem 2015 perf status on ARM and ARM64 jean.pihet@newoldbits.com NewOldBits.com Sat, Jan 31 2015 1 Contents Introduction Scope of the presentation Supported tools Call stack unwinding General Methods Corner cases

205 views • 19 slides
Stream Ciphers: Cryptanalytic Techniques Thomas Johansson Department of Electrical and

Stream Ciphers: Cryptanalytic Techniques Thomas Johansson Department of Electrical and

Stream Ciphers: Cryptanalytic Techniques Thomas Johansson Department of Electrical and Information Technology. Lund University, Sweden ECRYPT Summer school 2007 (Lund University) Stream Ciphers: Cryptanalytic Techniques Summer school 2007 1

706 views • 57 slides

More recommend