DOCSLIB.ORG

Horizontal PDF Slides

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Horizontal PDF Slides 1 2 Speed, speed, speed $1000 TCR hashing competition D. J. Bernstein Crowley: “I have a problem where I need to make some University of Illinois at Chicago; cryptography faster, and I’m Ruhr University Bochum setting up a $1000 competition funded from my own pocket for Reporting some recent work towards the solution.” symmetric-speed discussions, Not fast enough: Signing H(M), especially from RWC 2020. where M is a long message. Not included in this talk: “[On a] 900MHz Cortex-A7 NISTLWC. • [SHA-256] takes 28.86 cpb ::: Short inputs. • BLAKE2b is nearly twice as FHE/MPC ciphers. • fast ::: However, this is still a lot slower than I’m happy with.” 1 2 3 Speed, speed, speed $1000 TCR hashing competition Instead choose random R and sign (R; H(R; M)). D. J. Bernstein Crowley: “I have a problem where I need to make some Note that H needs only “TCR”, University of Illinois at Chicago; cryptography faster, and I’m not full collision resistance. Ruhr University Bochum setting up a $1000 competition Does this allow faster H design? funded from my own pocket for TCR breaks how many rounds? Reporting some recent work towards the solution.” symmetric-speed discussions, Not fast enough: Signing H(M), especially from RWC 2020. where M is a long message. Not included in this talk: “[On a] 900MHz Cortex-A7 NISTLWC. • [SHA-256] takes 28.86 cpb ::: Short inputs. • BLAKE2b is nearly twice as FHE/MPC ciphers. • fast ::: However, this is still a lot slower than I’m happy with.” 1 2 3 Speed, speed, speed $1000 TCR hashing competition Instead choose random R and sign (R; H(R; M)). D. J. Bernstein Crowley: “I have a problem where I need to make some Note that H needs only “TCR”, University of Illinois at Chicago; cryptography faster, and I’m not full collision resistance. Ruhr University Bochum setting up a $1000 competition Does this allow faster H design? funded from my own pocket for TCR breaks how many rounds? Reporting some recent work towards the solution.” symmetric-speed discussions, Not fast enough: Signing H(M), especially from RWC 2020. where M is a long message. Not included in this talk: “[On a] 900MHz Cortex-A7 NISTLWC. • [SHA-256] takes 28.86 cpb ::: Short inputs. • BLAKE2b is nearly twice as FHE/MPC ciphers. • fast ::: However, this is still a lot slower than I’m happy with.” 1 2 3 Speed, speed, speed $1000 TCR hashing competition Instead choose random R and sign (R; H(R; M)). D. J. Bernstein Crowley: “I have a problem where I need to make some Note that H needs only “TCR”, University of Illinois at Chicago; cryptography faster, and I’m not full collision resistance. Ruhr University Bochum setting up a $1000 competition Does this allow faster H design? funded from my own pocket for TCR breaks how many rounds? Reporting some recent work towards the solution.” symmetric-speed discussions, Not fast enough: Signing H(M), especially from RWC 2020. where M is a long message. Not included in this talk: “[On a] 900MHz Cortex-A7 NISTLWC. • [SHA-256] takes 28.86 cpb ::: Short inputs. • BLAKE2b is nearly twice as FHE/MPC ciphers. • fast ::: However, this is still a lot slower than I’m happy with.” 2 3 $1000 TCR hashing competition Instead choose random R and sign (R; H(R; M)). Crowley: “I have a problem where I need to make some Note that H needs only “TCR”, cryptography faster, and I’m not full collision resistance. setting up a $1000 competition Does this allow faster H design? funded from my own pocket for TCR breaks how many rounds? work towards the solution.” Not fast enough: Signing H(M), where M is a long message. “[On a] 900MHz Cortex-A7 [SHA-256] takes 28.86 cpb ::: BLAKE2b is nearly twice as fast ::: However, this is still a lot slower than I’m happy with.” 2 3 $1000 TCR hashing competition Instead choose random R and sign (R; H(R; M)). Crowley: “I have a problem where I need to make some Note that H needs only “TCR”, cryptography faster, and I’m not full collision resistance. setting up a $1000 competition Does this allow faster H design? funded from my own pocket for TCR breaks how many rounds? work towards the solution.” “As far as I know, no-one Not fast enough: Signing H(M), has ever proposed a TCR as a where M is a long message. primitive, designed to be faster than existing hash functions, “[On a] 900MHz Cortex-A7 and that’s what I need.” [SHA-256] takes 28.86 cpb ::: BLAKE2b is nearly twice as fast ::: However, this is still a lot slower than I’m happy with.” 2 3 $1000 TCR hashing competition Instead choose random R and sign (R; H(R; M)). Crowley: “I have a problem where I need to make some Note that H needs only “TCR”, cryptography faster, and I’m not full collision resistance. setting up a $1000 competition Does this allow faster H design? funded from my own pocket for TCR breaks how many rounds? work towards the solution.” “As far as I know, no-one Not fast enough: Signing H(M), has ever proposed a TCR as a where M is a long message. primitive, designed to be faster than existing hash functions, “[On a] 900MHz Cortex-A7 and that’s what I need.” [SHA-256] takes 28.86 cpb ::: BLAKE2b is nearly twice as More desiderata: tree hash, fast ::: However, this is still a new tweak at each vertex, lot slower than I’m happy with.” multi-message security. 2 3 4 $1000 TCR hashing competition Instead choose random R Aumasson, “Too much crypto” and sign (R; H(R; M)). Crowley: “I have a problem 70%, 23%, 35%, 21% rounds or where I need to make some Note that H needs only “TCR”, 50%, 8%, 25%, 20% rounds of cryptography faster, and I’m not full collision resistance. AES-128/B2b/ChaCha20/SHA-3 setting up a $1000 competition Does this allow faster H design? are “broken” or “practically broken”. funded from my own pocket for TCR breaks how many rounds? “Inconsistent security margins”. work towards the solution.” “As far as I know, no-one Not fast enough: Signing H(M), has ever proposed a TCR as a where M is a long message. primitive, designed to be faster than existing hash functions, “[On a] 900MHz Cortex-A7 and that’s what I need.” [SHA-256] takes 28.86 cpb ::: BLAKE2b is nearly twice as More desiderata: tree hash, fast ::: However, this is still a new tweak at each vertex, lot slower than I’m happy with.” multi-message security. 2 3 4 $1000 TCR hashing competition Instead choose random R Aumasson, “Too much crypto” and sign (R; H(R; M)). Crowley: “I have a problem 70%, 23%, 35%, 21% rounds or where I need to make some Note that H needs only “TCR”, 50%, 8%, 25%, 20% rounds of cryptography faster, and I’m not full collision resistance. AES-128/B2b/ChaCha20/SHA-3 setting up a $1000 competition Does this allow faster H design? are “broken” or “practically broken”. funded from my own pocket for TCR breaks how many rounds? “Inconsistent security margins”. work towards the solution.” “As far as I know, no-one Not fast enough: Signing H(M), has ever proposed a TCR as a where M is a long message. primitive, designed to be faster than existing hash functions, “[On a] 900MHz Cortex-A7 and that’s what I need.” [SHA-256] takes 28.86 cpb ::: BLAKE2b is nearly twice as More desiderata: tree hash, fast ::: However, this is still a new tweak at each vertex, lot slower than I’m happy with.” multi-message security. 2 3 4 $1000 TCR hashing competition Instead choose random R Aumasson, “Too much crypto” and sign (R; H(R; M)). Crowley: “I have a problem 70%, 23%, 35%, 21% rounds or where I need to make some Note that H needs only “TCR”, 50%, 8%, 25%, 20% rounds of cryptography faster, and I’m not full collision resistance. AES-128/B2b/ChaCha20/SHA-3 setting up a $1000 competition Does this allow faster H design? are “broken” or “practically broken”. funded from my own pocket for TCR breaks how many rounds? “Inconsistent security margins”. work towards the solution.” “As far as I know, no-one Not fast enough: Signing H(M), has ever proposed a TCR as a where M is a long message. primitive, designed to be faster than existing hash functions, “[On a] 900MHz Cortex-A7 and that’s what I need.” [SHA-256] takes 28.86 cpb ::: BLAKE2b is nearly twice as More desiderata: tree hash, fast ::: However, this is still a new tweak at each vertex, lot slower than I’m happy with.” multi-message security. 3 4 Instead choose random R Aumasson, “Too much crypto” and sign (R; H(R; M)). 70%, 23%, 35%, 21% rounds or Note that H needs only “TCR”, 50%, 8%, 25%, 20% rounds of not full collision resistance. AES-128/B2b/ChaCha20/SHA-3 Does this allow faster H design? are “broken” or “practically broken”. TCR breaks how many rounds? “Inconsistent security margins”. “As far as I know, no-one has ever proposed a TCR as a primitive, designed to be faster than existing hash functions, and that’s what I need.” More desiderata: tree hash, new tweak at each vertex, multi-message security. 3 4 Instead choose random R Aumasson, “Too much crypto” and sign (R; H(R; M)).
Load more

Recommended publications
  • Intel® Architecture Instruction Set Extensions and Future Features Programming Reference
    Intel® Architecture Instruction Set Extensions and Future Features Programming Reference 319433-037 MAY 2019 Intel technologies features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Learn more at intel.com, or from the OEM or retailer. No computer system can be absolutely secure. Intel does not assume any liability for lost or stolen data or systems or any damages resulting from such losses. You may not use or facilitate the use of this document in connection with any infringement or other legal analysis concerning Intel products described herein. You agree to grant Intel a non-exclusive, royalty-free license to any patent claim thereafter drafted which includes subject matter disclosed herein. No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. The products described may contain design defects or errors known as errata which may cause the product to deviate from published specifica- tions. Current characterized errata are available on request. This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice. Intel does not guarantee the availability of these interfaces in any future product. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps. Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1- 800-548-4725, or by visiting http://www.intel.com/design/literature.htm. Intel, the Intel logo, Intel Deep Learning Boost, Intel DL Boost, Intel Atom, Intel Core, Intel SpeedStep, MMX, Pentium, VTune, and Xeon are trademarks of Intel Corporation in the U.S.
    [Show full text]
  • Broadwell Skylake Next Gen* NEW Intel NEW Intel NEW Intel Microarchitecture Microarchitecture Microarchitecture
    15 лет доступности IOTG is extending the product availability for IOTG roadmap products from a minimum of 7 years to a minimum of 15 years when both processor and chipset are on 22nm and newer process technologies. - Xeon Scalable (w/ chipsets) - E3-12xx/15xx v5 and later (w/ chipsets) - 6th gen Core and later (w/ chipsets) - Bay Trail (E3800) and later products (Braswell, N3xxx) - Atom C2xxx (Rangeley) and later - Не включает в себя Xeon-D (7 лет) и E5-26xx v4 (7 лет) 2 IOTG Product Availability Life-Cycle 15 year product availability will start with the following products: Product Discontinuance • Intel® Xeon® Processor Scalable Family codenamed Skylake-SP and later with associated chipsets Notification (PDN)† • Intel® Xeon® E3-12xx/15xx v5 series (Skylake) and later with associated chipsets • 6th Gen Intel® Core™ processor family (Skylake) and later (includes Intel® Pentium® and Celeron® processors) with PDNs will typically be issued no later associated chipsets than 13.5 years after component • Intel Pentium processor N3700 (Braswell) and later and Intel Celeron processors N3xxx (Braswell) and J1900/N2xxx family introduction date. PDNs are (Bay Trail) and later published at https://qdms.intel.com/ • Intel® Atom® processor C2xxx (Rangeley) and E3800 family (Bay Trail) and late Last 7 year product availability Time Last Last Order Ship Last 15 year product availability Time Last Last Order Ship L-1 L L+1 L+2 L+3 L+4 L+5 L+6 L+7 L+8 L+9 L+10 L+11 L+12 L+13 L+14 L+15 Years Introduction of component family † Intel may support this extended manufacturing using reasonably Last Time Order/Ship Periods Component family introduction dates are feasible means deemed by Intel to be appropriate.
    [Show full text]
  • The Intel X86 Microarchitectures Map Version 2.0
    The Intel x86 Microarchitectures Map Version 2.0 P6 (1995, 0.50 to 0.35 μm) 8086 (1978, 3 µm) 80386 (1985, 1.5 to 1 µm) P5 (1993, 0.80 to 0.35 μm) NetBurst (2000 , 180 to 130 nm) Skylake (2015, 14 nm) Alternative Names: i686 Series: Alternative Names: iAPX 386, 386, i386 Alternative Names: Pentium, 80586, 586, i586 Alternative Names: Pentium 4, Pentium IV, P4 Alternative Names: SKL (Desktop and Mobile), SKX (Server) Series: Pentium Pro (used in desktops and servers) • 16-bit data bus: 8086 (iAPX Series: Series: Series: Series: • Variant: Klamath (1997, 0.35 μm) 86) • Desktop/Server: i386DX Desktop/Server: P5, P54C • Desktop: Willamette (180 nm) • Desktop: Desktop 6th Generation Core i5 (Skylake-S and Skylake-H) • Alternative Names: Pentium II, PII • 8-bit data bus: 8088 (iAPX • Desktop lower-performance: i386SX Desktop/Server higher-performance: P54CQS, P54CS • Desktop higher-performance: Northwood Pentium 4 (130 nm), Northwood B Pentium 4 HT (130 nm), • Desktop higher-performance: Desktop 6th Generation Core i7 (Skylake-S and Skylake-H), Desktop 7th Generation Core i7 X (Skylake-X), • Series: Klamath (used in desktops) 88) • Mobile: i386SL, 80376, i386EX, Mobile: P54C, P54LM Northwood C Pentium 4 HT (130 nm), Gallatin (Pentium 4 Extreme Edition 130 nm) Desktop 7th Generation Core i9 X (Skylake-X), Desktop 9th Generation Core i7 X (Skylake-X), Desktop 9th Generation Core i9 X (Skylake-X) • Variant: Deschutes (1998, 0.25 to 0.18 μm) i386CXSA, i386SXSA, i386CXSB Compatibility: Pentium OverDrive • Desktop lower-performance: Willamette-128
    [Show full text]
  • (12) United States Patent (10) Patent No.: US 9,514,285 B2 Durham Et Al
    USO09514285B2 (12) United States Patent (10) Patent No.: US 9,514,285 B2 Durham et al. (45) Date of Patent: Dec. 6, 2016 (54) CREATING STACK POSITION DEPENDENT (56) References Cited CRYPTOGRAPHC RETURN ADDRESS TO MTGATE RETURN ORIENTED U.S. PATENT DOCUMENTS PROGRAMMING ATTACKS 7.853,803 B2 * 12/2010 Milliken ................. GO6F 21/52 713, 176 (71) Applicant: Intel Corporation, Santa Clara, CA 2014/0173293 A1* 6/2014 Kaplan ................... G06F 21.54 (US) T13, 190 (72) Inventors: David M. Durham, Beaverton, OR OTHER PUBLICATIONS (US); Baiju V. Patel, Portland, OR “Disk encryption theory,” available at http://en.wikipedia.org/wiki/ (US) XEX-TCB-CTS, accessed Dec. 29, 2014, 6 pages. “The Heartbleed bug, available at http://heartbleed.com/, accessed (73) Assignee: Intel Corporation, Santa Clara, CA Dec. 29, 2014, 7 pages. (US) “OpenSSL.” available at http://en.wikipedia.org/wiki/OpenSSL, accessed Dec. 29, 2014, 13 pages. (*) Notice: Subject to any disclaimer, the term of this “Return-oriented programming,' available at http://en.wikipedia. patent is extended or adjusted under 35 org/wiki/Return-oriented programming, accessed Dec. 29, 2014, 4 pageS. U.S.C. 154(b) by 0 days. “Buffer overflow,” available at http://en.wikipedia.org/wiki/Buf (21) Appl. No.: 14/498,521 fer overflow, accessed Dec. 29, 2014, 12 pages. (22) Filed: Sep. 26, 2014 * cited by examiner Primary Examiner — Jacob Lipman (65) Prior Publication Data (74) Attorney, Agent, or Firm — Barnes & Thornburg US 2016/0094.552 A1 Mar. 31, 2016 LLP (51) Int. C. (57) ABSTRACT G6F 2/54 (2013.01) A computing device includes technologies for securing G06F2L/00 (2013.01) return addresses that are used by a processor to control the (52) U.S.
    [Show full text]
  • Trusted Platform Module Library Part 1: Architecture TCG Public Review
    Trusted Platform Module Library Part 1: Architecture Family “2.0” Level 00 Revision 01.50 September 18, 2018 Committee Draft Contact: [email protected] Work in Progress This document is an intermediate draft for comment only and is subject to change without notice. Readers should not design products based on this document. TCG Public Review Copyright © TCG 2006-2019 TCG Trusted Platform Module Library Part 1: Architecture Licenses and Notices Copyright Licenses: Trusted Computing Group (TCG) grants to the user of the source code in this specification (the “Source Code”) a worldwide, irrevocable, nonexclusive, royalty free, copyright license to reproduce, create derivative works, distribute, display and perform the Source Code and derivative works thereof, and to grant others the rights granted herein. The TCG grants to the user of the other parts of the specification (other than the Source Code) the rights to reproduce, distribute, display, and perform the specification solely for the purpose of developing products based on such documents. Source Code Distribution Conditions: Redistributions of Source Code must retain the above copyright licenses, this list of conditions and the following disclaimers. Redistributions in binary form must reproduce the above copyright licenses, this list of conditions and the following disclaimers in the documentation and/or other materials provided with the distribution. Disclaimers: THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. Contact TCG Administration ([email protected]) for information on specification licensing rights available through TCG membership agreements.
    [Show full text]
  • Validation Report
    National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Validation Report Cisco Network Convergence System 1000 Series Report Number: CCEVS-VR--11093 Dated: 07/07/2020 Version: 1.0 National Institute of Standards and Technology National Security Agency Information Technology Laboratory Information Assurance Directorate 100 Bureau Drive 9800 Savage Road STE 6940 Gaithersburg, MD 20899 Fort George G. Meade, MD 20755-6940 Cisco Network Convergence System 1000 SeriesValidation Report Version 1.0, 07/06/2020 ACKNOWLEDGEMENTS Validation Team Paul Bicknell: Senior Validator Randy Heimann Linda Morrison: Lead Validator Clare Olin Common Criteria Testing Laboratory Chris Keenan Katie Sykes Gossamer Security Solutions, Inc. Catonsville, MD ii Cisco Network Convergence System 1000 SeriesValidation Report Version 1.0, 07/06/2020 Table of Contents Contents 1 Executive Summary .................................................................................................... 1 2 Identification ............................................................................................................... 2 3 Architectural Information ........................................................................................... 3 3.1 TOE Evaluated Configuration ............................................................................ 3 3.2 TOE Architecture ................................................................................................ 3 3.3 Physical Boundaries ...........................................................................................
    [Show full text]
  • Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings December 2003
    Risk Management Series Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings December 2003 FEMA FEMA 426 FEMA 426 / December 2003 RISK MANAGEMENT SERIES Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings PROVIDING PROTECTION TO PEOPLE AND BUILDINGS www.fema.gov Any opinions, findings, conclusions, or recommendations expressed in this publication do not necessarily reflect the views of FEMA. Additionally, neither FEMA or any of its employees makes any warrantee, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, or process included in this publication. Users of information from this publication assume all liability arising from such use. he creation of the Department of Homeland Security (DHS) is one of the most significant transformations in the Federal Government in decades, establishing a department T whose first priority is to protect the nation against terrorist attacks. Within the DHS, the Directorate of Emergency Preparedness and Response (EP&R) is focused on ensuring that our nation is prepared for catastrophes, including both natural disasters and terrorist assaults. Central to this mission is the protection of people and the critical infrastructure of the built environment. This Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings provides guidance to the building science community of architects and engineers, to reduce physical damage to buildings, related infrastructure, and people caused by terrorist assaults. The comprehensive approach to understanding how to improve security in high occupancy buildings will better protect the nation from potential threats by identifying key actions and design criteria to strengthen our buildings from the forces that might be anticipated in a terrorist assault.
    [Show full text]
  • Sales Opportunity Guide
    Intel® Pentium® Silver and Celeron® Processors Sales Opportunity Better Performance Faster Security And battery life Enabled Browsing better web browsing 3 UP TO UP 79% experience better Windows* browsing and sharing application hours of Security- with password 1 2 ** APPROX. UP TO UP 58% performance 10 battery life enabled managers Flexible connectivity Enhanced media and choices graphics experience graphics Gigabit Fast networking performance performance with the first Gigabit Wi-Fi PC 4 UP TO UP 2.7X improvement Wi-fi* capability on entry level systems – faster than wired Dynamically boost your display visibility outdoors in sunlight with Gigabit Ethernet connection5,6 Local Adaptive Contrast Enhancement (LACE) technology 1. As projected by SYSmark* 2014 v1.5 on Intel® Pentium® Silver Processor N5000 PL1=6W TDP, 4C/4T, up to 2.7GHz, Memory: 2x2GB DDR4 2400, Storage: Intel SSD, OS: Windows* 10 RS2 vs. Intel® Pentium® Processor N3540, PL1=7.5W TDP, 4C/4T, up to 2.66GHz, Memory: 2x2GB DDR3L-1333, Storage: Intel SSD, OS: Windows* 10 RS2 > 2. As projected by 1080p Video Playback on Intel® Pentium® Silver Processor N5000 , PL1=6W TDP, 4C/4T, up to 2.7GHz, Memory: 2x2GB DDR4 2400, Storage: Intel SSD, OS: Windows* 10 RS2 Battery: 35WHr, 12.5", 1920x1080 > 3. As projected by WebXPRT* 2015 on Intel® Pentium® Silver Processor N5000 PL1=6W TDP, 4C/4T, up to 2.7GHz, Memory: 2x2GB DDR4 2400, Storage: Intel SSD, OS: Windows* 10 RS2 vs. Intel® Pentium® Processor N3540, PL1=7.5W TDP, 4C/4T, up to 2.66GHz, Memory: 2x2GB DDR3L-1333, Storage: Intel SSD, OS: Windows* 10 RS2 > 4.
    [Show full text]
  • Encryption Block Cipher
    10/29/2007 Encryption Encryption Block Cipher Dr.Talal Alkharobi 2 Block Cipher A symmetric key cipher which operates on fixed-length groups of bits, termed blocks, with an unvarying transformation. When encrypting, a block cipher take n-bit block of plaintext as input, and output a corresponding n-bit block of ciphertext. The exact transformation is controlled using a secret key. Decryption is similar: the decryption algorithm takes n-bit block of ciphertext together with the secret key, and yields the original n-bit block of plaintext. Mode of operation is used to encrypt messages longer than the block size. 1 Dr.Talal Alkharobi 10/29/2007 Encryption 3 Encryption 4 Decryption 2 Dr.Talal Alkharobi 10/29/2007 Encryption 5 Block Cipher Consists of two algorithms, encryption, E, and decryption, D. Both require two inputs: n-bits block of data and key of size k bits, The output is an n-bit block. Decryption is the inverse function of encryption: D(E(B,K),K) = B For each key K, E is a permutation over the set of input blocks. n Each key K selects one permutation from the possible set of 2 !. 6 Block Cipher The block size, n, is typically 64 or 128 bits, although some ciphers have a variable block size. 64 bits was the most common length until the mid-1990s, when new designs began to switch to 128-bit. Padding scheme is used to allow plaintexts of arbitrary lengths to be encrypted. Typical key sizes (k) include 40, 56, 64, 80, 128, 192 and 256 bits.
    [Show full text]
  • The Intel X86 Microarchitectures Map Version 2.2
    The Intel x86 Microarchitectures Map Version 2.2 P6 (1995, 0.50 to 0.35 μm) 8086 (1978, 3 µm) 80386 (1985, 1.5 to 1 µm) P5 (1993, 0.80 to 0.35 μm) NetBurst (2000 , 180 to 130 nm) Skylake (2015, 14 nm) Alternative Names: i686 Series: Alternative Names: iAPX 386, 386, i386 Alternative Names: Pentium, 80586, 586, i586 Alternative Names: Pentium 4, Pentium IV, P4 Alternative Names: SKL (Desktop and Mobile), SKX (Server) Series: Pentium Pro (used in desktops and servers) • 16-bit data bus: 8086 (iAPX Series: Series: Series: Series: • Variant: Klamath (1997, 0.35 μm) 86) • Desktop/Server: i386DX Desktop/Server: P5, P54C • Desktop: Willamette (180 nm) • Desktop: Desktop 6th Generation Core i5 (Skylake-S and Skylake-H) • Alternative Names: Pentium II, PII • 8-bit data bus: 8088 (iAPX • Desktop lower-performance: i386SX Desktop/Server higher-performance: P54CQS, P54CS • Desktop higher-performance: Northwood Pentium 4 (130 nm), Northwood B Pentium 4 HT (130 nm), • Desktop higher-performance: Desktop 6th Generation Core i7 (Skylake-S and Skylake-H), Desktop 7th Generation Core i7 X (Skylake-X), • Series: Klamath (used in desktops) 88) • Mobile: i386SL, 80376, i386EX, Mobile: P54C, P54LM Northwood C Pentium 4 HT (130 nm), Gallatin (Pentium 4 Extreme Edition 130 nm) Desktop 7th Generation Core i9 X (Skylake-X), Desktop 9th Generation Core i7 X (Skylake-X), Desktop 9th Generation Core i9 X (Skylake-X) • New instructions: Deschutes (1998, 0.25 to 0.18 μm) i386CXSA, i386SXSA, i386CXSB Compatibility: Pentium OverDrive • Desktop lower-performance: Willamette-128
    [Show full text]
  • Intel® Architecture Instruction Set Extensions and Future Features
    Intel® Architecture Instruction Set Extensions and Future Features Programming Reference May 2021 319433-044 Intel technologies may require enabled hardware, software or service activation. No product or component can be absolutely secure. Your costs and results may vary. You may not use or facilitate the use of this document in connection with any infringement or other legal analysis concerning Intel products described herein. You agree to grant Intel a non-exclusive, royalty-free license to any patent claim thereafter drafted which includes subject matter disclosed herein. No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. All product plans and roadmaps are subject to change without notice. The products described may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade. Code names are used by Intel to identify products, technologies, or services that are in development and not publicly available. These are not “commercial” names and not intended to function as trademarks. Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be ob- tained by calling 1-800-548-4725, or by visiting http://www.intel.com/design/literature.htm. Copyright © 2021, Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries.
    [Show full text]
  • Improved Masking for Tweakable Blockciphers with Applications to Authenticated Encryption
    Improved Masking for Tweakable Blockciphers with Applications to Authenticated Encryption Robert Granger1, Philipp Jovanovic2, Bart Mennink3, and Samuel Neves4 1 Laboratory for Cryptologic Algorithms, École polytechnique fédérale de Lausanne, Switzerland, [email protected] 2 Decentralized and Distributed Systems Lab, École polytechnique fédérale de Lausanne, Switzerland, [email protected] 3 Dept. Electrical Engineering, ESAT/COSIC, KU Leuven, and iMinds, Belgium, [email protected] 4 CISUC, Dept. of Informatics Engineering, University of Coimbra, Portugal, [email protected] Abstract. A popular approach to tweakable blockcipher design is via masking, where a certain primitive (a blockcipher or a permutation) is preceded and followed by an easy-to-compute tweak-dependent mask. In this work, we revisit the principle of masking. We do so alongside the introduction of the tweakable Even-Mansour construction MEM. Its masking function combines the advantages of word-oriented LFSR- and powering-up-based methods. We show in particular how recent advancements in computing discrete logarithms over finite fields of characteristic 2 can be exploited in a constructive way to realize highly efficient, constant-time masking functions. If the masking satisfies a set of simple conditions, then MEM is a secure tweakable blockcipher up to the birthday bound. The strengths of MEM are exhibited by the design of fully parallelizable authenticated encryption schemes OPP (nonce-respecting) and MRO (misuse-resistant). If instantiated with a reduced-round BLAKE2b permutation, OPP and MRO achieve speeds up to 0.55 and 1.06 cycles per byte on the Intel Haswell microarchitecture, and are able to significantly outperform their closest competitors.
    [Show full text]