POWER9: Is there a way to improve the random number generation on PPC64?
Volker Simonis
volker.simonis at gmail.com
Fri Nov 24 22:04:04 UTC 2017
Hi Gustavo,
in one of my talks [1,2] I have an example on how to intrinsify
Random.nextInt() in C2 by using the Intel 'rdrandl' instruction. But
please notice that this is just a "toy" example - it is not production
ready. In fact I think the right way would be to create a new
SecureRandom provider where you may implement "engineNextBytes" by
using the new Power instruction (maybe by calling a native function).
This special implementation of "engineNextBytes" could then be
intrinsified as described in the talk.
Also, before you start this, please contact the security mailing list
just to make sure you're not going in the wrong direction (I'm not a
security expert :)
Regards,
Volker
[1] https://vimeo.com/182074382
[2] https://rawgit.com/simonis/JBreak2016/master/jbreak2016.xhtml#/
On Fri, Nov 24, 2017 at 12:58 PM, Gustavo Romero
<gromero at linux.vnet.ibm.com> wrote:
> Hi,
>
> POWER9 processors introduced a new single instruction to generate a random
> number called 'darn' (Deliver A Random Number) [1, 2]. The random number
> generator behind this instruction is NIST SP800-90B and SP800-90C compliant and
> provides a minimum of 0.5 bits of entropy per bit. That instruction is as simple
> as "darn RT, L", where RT is a 64-bit general purpose register and L is a 2-bit
> operand to select the random number format. One can call 'darn' many times to
> obtain a new random number each time.
>
> Initially I think it can help in improving the throughput of the SecureRandom.generateSeed()
> method & friends from JCE (NativePRNG provider). If that holds, it has to
> be done both for the Interpreter and the JIT.
>
> Currently generateSeed() from NativePRNG basically reads from /dev/random by
> default (which blocks from time to time) or /dev/urandom if instructed to do so.
> Could somebody please help me figure out the appropriate place to exploit
> such a P9 instruction for interpreted mode, given that the code for generateSeed()
> is pure Java and behind the scenes just opens the /dev/random file and reads from
> it? For instance, is it correct to exploit it in C/C++ code and attach that
> by means of JNI?
>
> Finally, for JITed mode, I think that a way to exploit such a feature would be
> by matching a specific sub-tree in the Ideal Graph and from that emit a `darn`
> instruction; however, I could not figure out one sound sub-tree with known nodes
> (AddI, LoadN, Parm, etc.) that could be matched for that purpose. How do porters
> usually proceed in this case?
>
> Any comments shedding some light on that are much appreciated.
>
> Thanks and best regards,
> Gustavo
>
> [1] https://www.docdroid.net/tWT7hjD/powerisa-v30.pdf, p. 79
> [2] https://openpowerfoundation.org/?resource_lib=power-isa-version-3-0
>
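A worked sketch of the native side Volker describes (a function a SecureRandom provider's engineNextBytes could reach through JNI), added here as an example and not code from either mail or from the JDK: it fills a buffer from 'darn' with L=1 (64-bit conditioned) and retries when the instruction reports that no random number is available, which the Power ISA 3.0 signals with an all-ones result. The inline-asm helper assumes GCC on ppc64 with an assembler that knows darn; the flaky source and the function names are constructed for the self-test and are not part of any real API.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Power ISA 3.0: darn returns all ones when no random number is available. */
#define DARN_FAIL UINT64_C(0xFFFFFFFFFFFFFFFF)
#define DARN_MAX_RETRIES 10
typedef uint64_t (*rand64_fn)(void);  /* 64-bit source: darn64 on POWER9, a constructed one in the self-test */
#if defined(__powerpc64__) && defined(__GNUC__)
/* "darn RT, L" with L=1: 64-bit conditioned random number (assumes the assembler accepts darn). */
static uint64_t darn64(void) {
    uint64_t v;
    __asm__ volatile("darn %0, 1" : "=r"(v));
    return v;
}
#endif
/* Fill out[0..n) from src, retrying on the all-ones failure value. Returns 0 on
   success, -1 if the source kept failing; the caller must then fall back (for
   example to /dev/random) instead of handing the sentinel to SecureRandom. */
static int fill_random(uint8_t *out, size_t n, rand64_fn src)
{
    size_t off = 0;
    while (off < n) {
        uint64_t v = DARN_FAIL;
        for (int tries = 0; tries < DARN_MAX_RETRIES && v == DARN_FAIL; tries++)
            v = src();
        if (v == DARN_FAIL)
            return -1;
        size_t take = n - off < sizeof v ? n - off : sizeof v;
        memcpy(out + off, &v, take);
        off += take;
    }
    return 0;
}
/* Constructed flaky source for the self-test: calls 1, 4, 7, ... report failure. */
static unsigned fake_calls;
static uint64_t fake_source(void) {
    fake_calls++;
    return (fake_calls % 3 == 1) ? DARN_FAIL : UINT64_C(0x0123456789ABCDEF) + fake_calls;
}
/* Self-test: 20 bytes = 3 chunks, so 5 source calls are needed and no chunk may be the sentinel. */
int darn_fill_selftest(void) {
    uint8_t buf[20];
    fake_calls = 0;
    if (fill_random(buf, sizeof buf, fake_source) != 0) return 0;
    for (size_t i = 0; i + 8 <= sizeof buf; i += 8)
        if (memcmp(buf + i, "\xff\xff\xff\xff\xff\xff\xff\xff", 8) == 0) return 0;
    return fake_calls == 5;
}
```

On a POWER9 host the same fill_random is called with darn64 as the source; on any other host only the self-test path compiles.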