
mixAndPermute is actually 'RSA' encryption; the modulus factors as 43 * 47 and the public exponent is 5. Inverting it is a matter of computing x^773 mod 2021.
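As an added example (not from the thread), this is the inversion the comment describes: factor the 11-bit modulus, derive d from phi(n), and confirm that 773 is the inverse of 5 mod phi(2021). The `mix_and_permute` function is an assumption that the puzzle's step is exactly x^5 mod 2021, as the comment asserts; nothing else about the original puzzle is known here.

```python
from math import gcd

# Toy parameters quoted in the comment: n = 43 * 47 = 2021, e = 5.
N = 2021
E = 5


def trial_factor(n):
    """Return (p, q) with p * q == n by trial division.

    Only feasible because the modulus is tiny; that is the whole point."""
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no non-trivial factor found")


def private_exponent(e, p, q):
    """RSA private exponent d = e^-1 mod phi(n), with phi(n) = (p-1)(q-1)."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible mod phi(n)")
    return pow(e, -1, phi)  # modular inverse (Python 3.8+)


def mix_and_permute(x, n=N, e=E):
    """Assumed model of the puzzle step: textbook RSA, x -> x^e mod n."""
    return pow(x, e, n)


def invert(y, n=N, e=E):
    """Recover x from y = x^e mod n by factoring n and raising y to d."""
    p, q = trial_factor(n)
    d = private_exponent(e, p, q)
    return pow(y, d, n)


def roundtrips_everywhere(n=N, e=E):
    """True if invert(mix_and_permute(x)) == x for every residue mod n.

    Holds for all x (not just units) because ed = 1 mod (p-1)(q-1) and
    the CRT makes x^(ed) = x hold modulo p and modulo q separately."""
    return all(invert(mix_and_permute(x, n, e), n, e) == x for x in range(n))
```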

-----


> And by the way few people do math "heavy lifting" with x86 CPUs today, they would rather do it in a GPU

This depends on the workload, really; some workloads are quite GPU-unfriendly. In any case, the supercomputer in question---Tianhe-2 [2]---derives most of its computing power from the Xeon Phi [1], an x86-ish many-core vector processor which looks much like a GPU.

[1] https://en.wikipedia.org/wiki/Xeon_Phi

[2] http://top500.org/system/177999

-----


That would not be very semantically secure; while you could not see exactly what the original image was, you could still make out the movement. That would sort of be the analog of the ECB penguin on moving pictures.

-----


No.

-----


You're referring to Bitlocker, right? Don't they do something different, like iOS Data Protection, for non-Pro?

-----


Yes, Bitlocker. There is something called "Device Encryption" in every edition, but it has some rather unusual hardware requirements (TPM and connected standby).

-----


For what it's worth, regarding the recommendation in page 14 of the report, there is a portable implementation (well, direct port of the SSSE3 code) of AES-CTR in NaCl: https://github.com/jedisct1/libsodium/tree/master/src/libsod.... Don't expect it to be fast or anything, but it exists.

-----


No, that is not how factorization scales. The time difference between a 760 and 768-bit modulus is less than a factor of 2.

-----


PCLMULQDQ is a godsend to both (GCM and binary elliptic curves), since both rely heavily on multiplication performance over F_{2^n}. The current fastest elliptic curve implementations are over binary fields using this instruction: http://eprint.iacr.org/2013/131.

-----


Ah, interesting - so this applies in particular to elliptic curves over binary fields.

I may have missed this, but did they note how performance fared in the absence of hardware support?

Also, have binary curves (this or the NIST ones or any others) seen widespread deployment anywhere? I was under the impression that prime field curves were more widely used.

-----


As far as I know they didn't try to make a good implementation without CLMUL. However, the older endomorphism-free curve2251 implementation [2, 3] is eye-opening:

- the SSSE3 implementation is ~2.7 times slower than with CLMUL
- the generic (using mpfq, which should actually be pretty good) implementation is 5-6 times slower than with CLMUL

Binary curves used to be a lot more popular than they are now, before we all had fat multipliers in CPUs. The patent situation is worse for binary fields too, I think. That said, I'm pretty sure there are deployments somewhere using them; Dan Boneh's TLS survey [1] shows an overwhelming 96% of TLS clients using NIST's P-256, but the second most popular curve is NIST's B-233, at 3.6%. I would guess that this is due to hardware accelerators.

[1] http://www.w2spconf.com/2014/papers/TLS.pdf

[2] http://bench.cr.yp.to/web-impl/amd64-titan0-crypto_dh.html

[3] https://eprint.iacr.org/2011/170

-----


Great info - thanks!

-----


All the author had to do was to add '-march=native' or '-march=core-avx2' to the compiler command line: http://goo.gl/H4f62I

-----


Clang 3.7.0 (experimental) + -march=skylake gives you AVX512. zmm all the way, baby! 256 bytes processed in the inner loop!

-----


But what gives me a Skylake CPU?

-----


A time machine, or a job working at Intel? :)

-----


I was puzzled as well. There is an analogue of the FFT method of multiplying polynomials and integers for the matrix multiplication case [1], but it is not as simple and probably does not belong in an introduction to linear algebra.

[1] http://arxiv.org/abs/math/0307321v2

-----


I finished 4th in Microcorruption. While exploiting vulnerabilities is not my day job, I have been playing CTFs for a long time, and am familiar with the process. It is certainly something one can overspecialize in.

Looking at the first page of the Hall of Fame, I see big names like Alex Sotirov, Russ Cox, Ricky Zhou, Ludvig Strigeus, and many other familiar names/handles usually seen at CTF events. There are also many unknowns, which I suppose was Thomas's point.

-----


There were "elite" participants, but they were numerically dominated by strong participants without the background. Which, if you're a hiring manager, is a very interesting and exploitable bit of data. Our odds of hiring Russ Cox or Alex Sotirov were not good. Our odds of being the first serious job for the next Alex Sotirov were better.

-----
