[llvm-dev] [RFC] carry-less multiplication instruction

Hal Finkel via llvm-dev llvm-dev at lists.llvm.org
Thu Jul 9 08:24:52 PDT 2020


On 7/9/20 10:13 AM, Steve (Numerics) Canon via llvm-dev wrote:

> CLMUL is absolutely useful outside of “crypto” contexts that want/require “constant time” operation.
>
> To name just two families of uses, it’s the backbone of many hash/checksum algorithms and error-correcting codes, where the goal is often simply to go as fast as possible, and uArch side-channel resistance is not a concern. – Steve

+1

See, e.g., https://lemire.me/blog/2015/10/26/crazily-fast-hashing-with-carry-less-multiplications/ -- and also, https://en.wikipedia.org/wiki/CLMUL_instruction_set, "One use of these instructions is to improve the speed of applications doing block cipher encryption in Galois/Counter Mode, which depends on finite field GF(2^k) multiplication. Another application is the fast calculation of CRC values, including those used to implement the LZ77 sliding window DEFLATE algorithm in zlib and pngcrush."

 -Hal

> On Jul 9, 2020, at 10:41 AM, Roman Lebedev via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>
> > What i do NOT understand is: what is the actual/main goal/driving factor of adding an LLVM intrinsic for it? The use that was mentioned is crypto, and i'm personally not really registering anything else. Am i just misreading it? The crypto use-case doesn't make sense to me, because as of this moment LLVM "explicitly" has zero constant-time guarantees for LLVM IR instructions/intrinsics.



-- Hal Finkel Lead, Compiler Technology and Programming Languages Leadership Computing Facility Argonne National Laboratory
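Added example, not code from this thread or from LLVM: a portable bit loop standing in for the CLMUL instruction, and the CRC use named above built on top of it, reducing a 64-bit polynomial modulo the CRC-32 polynomial with two carry-less multiplies (Barrett reduction) and checking the result against a bit-serial reference. It assumes the plain M(x)*x^32 mod P form of CRC-32 (init 0, no final XOR), a message length that is a multiple of 4, and constructed sample input; all function names are my own.

```c
#include <stdint.h>
#include <stddef.h>
#define CRC32_POLY 0x104C11DB7ull   /* x^32 + x^26 + ... + 1 as a 33-bit value */
/* Carry-less multiply over GF(2)[x]: XOR of shifted copies, no carries. Returns the low
 * 64 bits, i.e. the whole product when deg a + deg b < 64. This is what CLMUL computes. */
uint64_t clmul(uint64_t a, uint64_t b) {
    uint64_t r = 0;
    for (int i = 0; i < 64; i++)
        if ((b >> i) & 1) r ^= a << i;
    return r;
}

/* Barrett constant mu = floor(x^64 / P(x)) for deg P = 32, by long division of x^k. */
uint64_t barrett_mu(uint64_t p) {
    uint64_t q = 1, rem = p & 0xFFFFFFFFull;    /* x^32 = 1*P + (P ^ x^32) */
    for (int k = 32; k < 64; k++) {             /* invariant: x^k = q*P + rem, deg rem < 32 */
        rem <<= 1; q <<= 1;
        if (rem >> 32) { rem ^= p; q |= 1; }
    }
    return q;
}

/* T(x) mod P(x) with two carry-less multiplies (Barrett); exact over GF(2)[x], no fix-up. */
uint32_t gf2_mod_clmul(uint64_t t, uint64_t p, uint64_t mu) {
    uint64_t q = clmul(t >> 32, mu) >> 32;      /* q = floor(T / P) */
    return (uint32_t)(t ^ clmul(q, p));         /* T - q*P; the high 32 bits cancel */
}

/* Reference CRC: MSB-first bit-serial, init 0, no final XOR, i.e. M(x)*x^32 mod P. */
uint32_t crc32_bitwise(const uint8_t *m, size_t len) {
    uint32_t crc = 0;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint32_t)m[i] << 24;
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x80000000u) ? (crc << 1) ^ (uint32_t)CRC32_POLY : crc << 1;
    }
    return crc;
}

/* Same CRC, 32 message bits per step: state' = (state ^ W) * x^32 mod P. Needs len % 4 == 0. */
uint32_t crc32_clmul(const uint8_t *m, size_t len) {
    uint64_t mu = barrett_mu(CRC32_POLY);
    uint32_t crc = 0;
    for (size_t i = 0; i + 4 <= len; i += 4) {
        uint32_t w = ((uint32_t)m[i] << 24) | ((uint32_t)m[i+1] << 16) | ((uint32_t)m[i+2] << 8) | m[i+3];
        crc = gf2_mod_clmul((uint64_t)(crc ^ w) << 32, CRC32_POLY, mu);
    }
    return crc;
}
const uint8_t SAMPLE_MSG[] = "carry-less mult!";   /* constructed 16-byte sample input */
```

Real CLMUL-based CRC code folds several 128-bit blocks per step and handles the tail; this keeps only the one reduction that shows why the instruction fits the job.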

