Re: (8u) RFR: 8131062: aarch64: add support for GHASH acceleration

Andrew Haley aph-open at littlepinkcloud.com
Tue Aug 24 08:06:14 UTC 2021


On 8/24/21 7:33 AM, Liu, Xin wrote:
> To be honest, I haven't understood the timing attack. I think the prior
> GHash function handles each block in constant time too. This patch makes
> it faster but it doesn't change this property.

True. I misremembered.

> Thank you for the pointer. I backport this as well. As you said, this
> revision refactors code with comments and becomes more idiomatic in
> armv8. Not only do I verify its correctness, I also measure performance
> using microbenchmarks. I observe extra ~20% performance on top of
> JDK-8131062.

I have very mixed feelings about this. Just so you know the history, at
the time I wrote it I didn't propose it for backport because I was
concerned that it really wasn't the sort of enhancement that was
appropriate for a long-term-stable release. I'm not sure what's
changed now. I guess the answer is that more people are using the
AArch64 port now, so its efficiency is important, and the GHASH
acceleration has had a long time to bake in later releases.

-- 
Andrew Haley  (he/him)
Java Platform Lead Engineer
Red Hat UK Ltd. <https://www.redhat.com>
https://keybase.io/andrewhaley
EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671
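For readers following the constant-time point in this exchange, here is an added example that is not part of the thread and not the OpenJDK intrinsic being backported: GHASH as defined in the GCM specification, with the GF(2^128) block multiply written twice, once straight from the spec with data-dependent branches and once branch-free and table-free, so that the work done per block does not depend on secret bits. The names gf128_mul_branchy, gf128_mul_ct and ghash are this example's own; the vector used to check it is the public GCM specification test case 2 (H = 66e94bd4ef8a2c3b884cfa59ca342b2e, C = 0388dace60b6a392f328c2b971b2fe78). Python big-int arithmetic is not itself constant-time, so the code illustrates the loop structure rather than giving a timing guarantee.

```python
# Added example, not code from the jdk8u thread or from OpenJDK.
# GHASH per the GCM specification (McGrew & Viega / NIST SP 800-38D),
# with a branchy reference multiply and a masked, branch-free multiply.

from typing import Callable

R = 0xE1 << 120            # reduction constant for x^128 + x^7 + x^2 + x + 1, GCM bit order
MASK128 = (1 << 128) - 1


def gf128_mul_branchy(x: int, y: int) -> int:
    """Reference product X*Y from the spec's Algorithm 1; branches on secret bits."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:   # bit i of X, bit 0 being the MSB of byte 0
            z ^= v
        if v & 1:                  # conditional reduction, as a branch
            v = (v >> 1) ^ R
        else:
            v >>= 1
    return z


def gf128_mul_ct(x: int, y: int) -> int:
    """Same product, but every iteration performs the same operations regardless of the data."""
    z, v = 0, y
    for i in range(128):
        xbit = (x >> (127 - i)) & 1
        z ^= v & (-xbit & MASK128)              # add v into z only when xbit == 1, via a mask
        lsb = v & 1
        v = (v >> 1) ^ (R & (-lsb & MASK128))   # conditional reduction, also via a mask
    return z


def _blocks(data: bytes):
    """Split into 128-bit blocks, zero-padding the last one as GHASH requires."""
    for i in range(0, len(data), 16):
        yield int.from_bytes(data[i:i + 16].ljust(16, b"\0"), "big")


def ghash(h: bytes, aad: bytes, ct: bytes,
          mul: Callable[[int, int], int] = gf128_mul_ct) -> bytes:
    """GHASH_H(A, C): absorb A, then C, then [len(A)]64 || [len(C)]64 (lengths in bits)."""
    hi = int.from_bytes(h, "big")
    length_block = ((len(aad) * 8) << 64 | (len(ct) * 8)).to_bytes(16, "big")
    y = 0
    for blk in list(_blocks(aad)) + list(_blocks(ct)) + list(_blocks(length_block)):
        y = mul(y ^ blk, hi)
    return y.to_bytes(16, "big")


if __name__ == "__main__":
    # GCM spec test case 2 (K = 0, P = 0^128): H and C below are the published values.
    H = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")
    C = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")
    for name, mul in (("branchy", gf128_mul_branchy), ("constant-time", gf128_mul_ct)):
        print(name, ghash(H, b"", C, mul).hex())
```

Both multiplies give the spec's GHASH value f38cbb1ad69223dcc3457ae5b6b0f885 for that vector; the difference is only that gf128_mul_ct has no secret-dependent branch and no table lookup, which is the property a hardware GHASH intrinsic (PMULL on AArch64) also has by construction.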

