POWER9: Is there a way to improve the random number generation on PPC64?
Gustavo Romero
gromero at linux.vnet.ibm.com
Mon Nov 27 13:08:43 UTC 2017
Hi Volker,
On 24-11-2017 20:04, Volker Simonis wrote:
> Hi Gustavo,
>
> in one of my talks [1,2] I have an example on how to intrinsify
> Random.nextInt() in C2 by using the Intel 'rdrandl' instruction. But
> please notice that this is just a "toy" example - it is not production
> ready. In fact I think the right way would be to create a new
> SecureRandom provider where you may implement "engineNextBytes" by
> using the new Power instruction (maybe by calling a native function).
> This special implementation of "engineNextBytes" could then be
> intrinsified as described in the talk.
Thanks for the references :-)
> Also, before you start this, please contact the security mailing list
> just to make sure you're not going into the wrong direction (I'm not a
> security expert :)
Sure. I just want to do a few experiments first to get at least an initial
working "toy" example for 'darn'. The references you pointed out will help a
lot.
Thanks!
Regards,
Gustavo
> Regards,
> Volker
>
> [1] https://vimeo.com/182074382
> [2] https://rawgit.com/simonis/JBreak2016/master/jbreak2016.xhtml#/
>
> On Fri, Nov 24, 2017 at 12:58 PM, Gustavo Romero
> <gromero at linux.vnet.ibm.com> wrote:
>> Hi,
>>
>> POWER9 processors introduced a new single instruction to generate a random
>> number called 'darn' (Deliver A Random Number) [1, 2]. The random number
>> generator behind this instruction is NIST SP800-90B and SP800-90C compliant and
>> provides a minimum of 0.5 bits of entropy per bit. That instruction is as simple
>> as "darn RT, L", where RT is a 64-bit general-purpose register and L is a 2-bit
>> operand to select the random number format. One can call 'darn' many times to
>> obtain a new random number each time.
>>
>> Initially I think it can help improve the throughput of SecureRandom.generateSeed()
>> and friends from JCE (NativePRNG provider). If that holds, it has to
>> be done both for the interpreter and the JIT.
>>
>> Currently generateSeed() from NativePRNG basically reads from /dev/random by
>> default (which blocks from time to time) or /dev/urandom if instructed to do so.
>> Could somebody please help me to figure out the appropriate place to exploit
>> such a P9 instruction for interpreted mode, given that the code for generateSeed()
>> is pure Java and behind the scenes just opens the /dev/random file and reads from
>> it? For instance, is it correct to exploit it in C/C++ code and attach that
>> by means of JNI?
>>
>> Finally, for JITed mode, I think that a way to exploit such a feature would be
>> by matching a specific sub-tree in the Ideal Graph and from that emit a `darn`
>> instruction; however, I could not figure out one sound sub-tree with known nodes
>> (AddI, LoadN, Parm, etc.) that could be matched for that purpose. How do porters
>> usually proceed in this case?
>>
>> Any comments shedding some light on that are much appreciated.
>>
>> Thanks and best regards,
>> Gustavo
>>
>> [1] https://www.docdroid.net/tWT7hjD/powerisa-v30.pdf, p. 79
>> [2] https://openpowerfoundation.org/?resource_lib=power-isa-version-3-0
>>
>
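As an added example (not code from this thread, from OpenJDK, or from the NativePRNG provider), the following C routine is the kind of native helper a JNI-backed SecureRandomSpi.engineNextBytes could call, as Volker suggests above. It assumes GCC's __builtin_darn() for the 64-bit conditioned form of 'darn' when compiled with -mcpu=power9, assumes (per Power ISA 3.0) that 'darn' reports failure by returning all ones and expects the caller to retry, uses an arbitrary retry bound of 10, and on non-POWER9 hosts falls back to /dev/urandom, the file NativePRNG already reads. The two fault-injection sources (flaky_src, dead_src) are constructed for the example to exercise the retry and give-up paths; the JNI glue itself is not shown.

```c
/*
 * Added example, not from the thread or OpenJDK: fill a buffer with random
 * bytes from the POWER9 'darn' instruction (or a /dev/urandom fallback),
 * handling the instruction's transient-failure signal the way a
 * SecureRandomSpi.engineNextBytes native backend would need to.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed per Power ISA 3.0: darn returns all ones when it cannot deliver a
 * number; software is expected to retry rather than use that value. */
#define DARN_ERROR   UINT64_C(0xFFFFFFFFFFFFFFFF)
#define DARN_RETRIES 10   /* arbitrary bound chosen for this example */

typedef uint64_t (*rng64_fn)(void);

#if defined(__powerpc64__) && defined(_ARCH_PWR9)
/* Hardware path: one 64-bit conditioned random number per call (darn L=1),
 * via GCC's builtin (assumed available with -mcpu=power9). */
static uint64_t hw_random64(void)
{
    return (uint64_t)__builtin_darn();
}
#else
/* Portable fallback: 8 bytes from /dev/urandom, the source NativePRNG uses.
 * A read failure is mapped onto DARN_ERROR so the caller's retry logic is
 * identical on both paths (a genuine all-ones read has probability 2^-64). */
static uint64_t hw_random64(void)
{
    uint64_t v = DARN_ERROR;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f != NULL) {
        if (fread(&v, sizeof v, 1, f) != 1)
            v = DARN_ERROR;
        fclose(f);
    }
    return v;
}
#endif

/* Fill buf[0..n) from src, retrying transient failures per 64-bit word.
 * Returns 0 on success, -1 if src failed DARN_RETRIES times in a row; in
 * that case the buffer is zeroed so a partial fill is never mistaken for
 * random output (the Java side should then throw or fall back). */
int fill_random(uint8_t *buf, size_t n, rng64_fn src)
{
    size_t done = 0;
    while (done < n) {
        uint64_t word = DARN_ERROR;
        int attempt;
        for (attempt = 0; attempt < DARN_RETRIES; attempt++) {
            word = src();
            if (word != DARN_ERROR)
                break;
        }
        if (word == DARN_ERROR) {
            memset(buf, 0, n);
            return -1;
        }
        size_t chunk = n - done < sizeof word ? n - done : sizeof word;
        memcpy(buf + done, &word, chunk);   /* host byte order; fine for entropy */
        done += chunk;
    }
    return 0;
}

/* Wrapper using the hardware (or fallback) source; this is what the
 * hypothetical JNI entry point would call on the pinned byte[] elements. */
int fill_random_hw(uint8_t *buf, size_t n)
{
    return fill_random(buf, n, hw_random64);
}

/* Constructed fault-injection sources for demonstrating the failure paths. */
static int flaky_calls = 0;
void flaky_reset(void) { flaky_calls = 0; }
int flaky_call_count(void) { return flaky_calls; }
uint64_t flaky_src(void)
{
    /* Fail twice, then deliver a fixed, recognisable word. */
    return (++flaky_calls <= 2) ? DARN_ERROR : UINT64_C(0x1122334455667788);
}
uint64_t dead_src(void) { return DARN_ERROR; }

int main(void)
{
    uint8_t buf[20];
    if (fill_random_hw(buf, sizeof buf) != 0) {
        fprintf(stderr, "random source unavailable\n");
        return 1;
    }
    for (size_t i = 0; i < sizeof buf; i++)
        printf("%02x", buf[i]);
    printf("\n");
    return 0;
}
```

The retry loop is the part that matters for a provider: a backend that returned the all-ones failure marker as if it were random output would silently hand callers a fixed value, so failures must be retried and, past the bound, surfaced as an error rather than a short or partial fill.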