[llvm-dev] [RFC] carry-less multiplication instruction

Steve (Numerics) Canon via llvm-dev llvm-dev at lists.llvm.org
Thu Jul 9 08:13:40 PDT 2020


CLMUL is absolutely useful outside of “crypto” contexts that want/require “constant time” operation.

To name just two families of uses, it’s the backbone of many hash/checksum algorithms and error-correcting codes, where the goal is often simply to go as fast as possible, and uArch side-channel resistance is not a concern.

– Steve

> On Jul 9, 2020, at 10:41 AM, Roman Lebedev via llvm-dev <llvm-dev at lists.llvm.org> wrote:
> 
> 
> What I do *NOT* understand is: what is the actual/main goal/driving
> factor of adding an LLVM intrinsic for it?
> 
> The use that was mentioned is crypto, and I'm personally not really
> registering anything else. Am I just misreading it?
> The crypto use-case doesn't make sense to me, because
> as of this moment LLVM "explicitly" has zero constant-time
> guarantees for LLVM IR instructions/intrinsics.

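Added example, not code from the thread or from LLVM: Steve's point that CLMUL is the backbone of checksum algorithms is easiest to see on CRC-32, where the message is a polynomial over GF(2) and carry-less multiplication is exactly polynomial multiplication. The block computes CRC-32/BZIP2 (MSB-first, generator 0x04C11DB7, init and final XOR 0xFFFFFFFF) two ways: a bit-serial reference, and a path that folds 64 message bits per step with one carry-less multiply and finishes with a Barrett reduction, which is the structure hardware PCLMULQDQ/PMULL-based CRC code uses. The `clmul64` routine here is a portable software loop standing in for the hardware instruction (or the proposed intrinsic), so the example runs anywhere; the constants are derived at run time by dividing x^64 by P(x) rather than being hard-coded, and the 100-byte self-test buffer is constructed, not real data.

```c
/* Added example: CRC-32/BZIP2 via a bit-serial loop and via CLMUL folding
 * plus Barrett reduction. clmul64 is a software stand-in for PCLMULQDQ/PMULL. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <inttypes.h>

#define POLY32  0x04C11DB7u          /* generator with the x^32 term implicit */
#define POLY33  0x104C11DB7ULL       /* the same generator including x^32 */

/* Carry-less 64x64 -> 128-bit multiply: XOR of shifted copies, no carries. */
static void clmul64(uint64_t a, uint64_t b, uint64_t *hi, uint64_t *lo)
{
    uint64_t h = 0, l = 0;
    for (int i = 0; i < 64; i++) {
        if ((b >> i) & 1) {
            l ^= a << i;
            if (i) h ^= a >> (64 - i);   /* bits of a pushed out of the low word */
        }
    }
    *hi = h;
    *lo = l;
}

/* Long division of x^64 by P(x) over GF(2): quotient = Barrett constant mu
 * (degree 32), remainder = x^64 mod P, the constant used to fold 64 bits. */
static void crc32_constants(uint64_t *mu, uint32_t *x64_mod_p)
{
    uint64_t q = 0, r = 0;
    for (int i = 64; i >= 0; i--) {          /* bring down dividend bits 64..0 */
        r = (r << 1) | (i == 64 ? 1u : 0u);
        q <<= 1;
        if (r & (1ULL << 32)) { r ^= POLY33; q |= 1; }
    }
    *mu = q;
    *x64_mod_p = (uint32_t)r;
}

/* Bit-serial reference step: shift one byte through the 32-bit register. */
static uint32_t crc32_byte(uint32_t crc, uint8_t b)
{
    crc ^= (uint32_t)b << 24;
    for (int i = 0; i < 8; i++)
        crc = (crc & 0x80000000u) ? (crc << 1) ^ POLY32 : (crc << 1);
    return crc;
}

uint32_t crc32_bzip2_bitwise(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) crc = crc32_byte(crc, p[i]);
    return crc ^ 0xFFFFFFFFu;
}

/* One 64-bit step: new = (crc*x^64 + D*x^32) mod P = ((crc*x^32 ^ D) * x^32) mod P. */
static uint32_t crc32_fold64(uint32_t crc, uint64_t d, uint64_t mu, uint32_t k64)
{
    uint64_t v = ((uint64_t)crc << 32) ^ d;
    uint64_t hi, lo;
    /* Fold: (high word) * (x^64 mod P) has degree < 63, so it lands in lo. */
    clmul64(v >> 32, k64, &hi, &lo);
    uint64_t w = lo ^ ((v & 0xFFFFFFFFu) << 32);       /* deg(w) < 64 */
    /* Barrett: q = floor(floor(w/x^32) * mu / x^32) is the exact quotient
     * in GF(2)[x] because there are no carries; remainder = low 32 bits. */
    clmul64(w >> 32, mu, &hi, &lo);
    uint64_t q = (lo >> 32) | (hi << 32);
    clmul64(q, POLY33, &hi, &lo);
    return (uint32_t)(w ^ lo);
}

uint32_t crc32_bzip2_clmul(const uint8_t *p, size_t n)
{
    uint64_t mu; uint32_t k64;
    crc32_constants(&mu, &k64);
    uint32_t crc = 0xFFFFFFFFu;
    size_t i = 0;
    for (; i + 8 <= n; i += 8) {
        uint64_t d = 0;                  /* MSB-first CRC: first byte is highest */
        for (int j = 0; j < 8; j++) d = (d << 8) | p[i + j];
        crc = crc32_fold64(crc, d, mu, k64);
    }
    for (; i < n; i++) crc = crc32_byte(crc, p[i]);    /* tail under 8 bytes */
    return crc ^ 0xFFFFFFFFu;
}

/* Cross-check both paths on every prefix of a constructed (not real) buffer. */
int crc32_paths_agree(void)
{
    uint8_t buf[100];
    for (size_t i = 0; i < sizeof buf; i++) buf[i] = (uint8_t)(i * 37 + 11);
    for (size_t n = 0; n <= sizeof buf; n++)
        if (crc32_bzip2_bitwise(buf, n) != crc32_bzip2_clmul(buf, n)) return 0;
    return 1;
}

int main(void)
{
    const uint8_t msg[] = "123456789";    /* standard CRC check string */
    printf("bitwise %08" PRIx32 " clmul %08" PRIx32 " agree=%d\n",
           crc32_bzip2_bitwise(msg, 9), crc32_bzip2_clmul(msg, 9), crc32_paths_agree());
    return 0;
}
```

Two things worth noticing. First, the fast path never touches the CRC polynomial bit by bit: a fold is one multiply by a precomputed constant and the reduction is two more, which is why a hardware CLMUL turns CRC into a few instructions per block and why hash and error-correcting-code work wants it with no constant-time requirement attached. Second, the software `clmul64` above branches on each bit of its second operand, so its timing depends on the data; that data-independence is something only the hardware instruction (and a lowering that is guaranteed to keep it) can offer, which is the gap Roman is pointing at.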