Version 14
Status at a glance:
Scalar Crypto Specification:
Lightweight instruction set extensions for RV32 and RV64 HARTs. Proposed extensions:
- Extensions fully defined in the Scalar Crypto Specification: K, Zkn, Zks, Zkr, Zkne, Zknd, Zknh, Zkse, Zksd, Zksh
- Shared with the Bit-Manipulation Specification: Zkg, Zkb
Specification
Encoding/OpCode consistency review
- Opcodes and encodings proposed
- Instruction extensions (instruction groupings) proposed
- Submitted to review task group
- The Bit-Manipulation shared subsets are being reviewed first, as part of the Bit-Manipulation specification review
- Proposed as Zkg (clmul) and Zkb (the specific bit-manipulation instructions required by crypto)
- The proposed Scalar Crypto-unique subsets are next in line for review:
- K (Krypto):
- Zkn (full NIST Suite): Zkne (NIST encrypt suite), Zknd (NIST decrypt suite), Zknh (NIST hash suite), Zkg, Zkb (see above)
- Zkr (random entropy source)
- Zks (full ShangMi Suite): Zkse (SM encrypt suite), Zksd (SM decrypt suite), Zksh (SM hash suite), Zkg, Zkb (see above)
Architecture Tests
- Test plan for the scalar-crypto specific instructions is available.
- No actual tests suitable for use are currently available. An old experimental set needs removing from the riscv-crypto repository, as these no longer work with the latest toolchain or architectural test framework.
- What's next: Currently exploring two paths:
- Imperas have a complete set of tests, written to the existing test plan, for the scalar crypto instructions and the bitmanip instructions we borrow.
- Some work required to re-generate them in a form suitable for merging into the main architectural test suite.
- No exact estimate for how much work this is in days/weeks.
- IIT Madras are looking at writing the scalar crypto tests for integration into the official architectural tests repo as well.
- No estimate for how long that would take yet.
- Possible path forward:
- Ask Imperas to contribute their complete scalar-crypto + bitmanip subset tests.
- IIT Madras can then write the coverage plan for the architectural test framework.
- Any future changes to the contributed tests would need to be carefully managed, as they were not generated with the RISC-V test generator tool.
GCC and Assembler
- Experimental / development toolchain available in the riscv-crypto repository.
- This cannot be up-streamed, but can be used for development work for now.
- Up-streamable support is work in progress with PQShield.
- Progress so far:
SAIL
- Currently working on getting support merged in upstream in PR#80
Spike
- Upstream support has been merged in as of PR#635
- Support for all of scalar crypto specific instructions and entropy source.
- The only feature left is to enable the right Bitmanip instructions when K is enabled. Currently, one must include "b" in the spike "--isa=" argument.
- Some pending bug fixes in PR#649
LLVM
- No work started yet.
- Work will be done by PLTC lab under the group contributor model.
QEMU
- No work started yet.
- Work will be done by PLTC lab under the group contributor model.
Proof-of-Concept implementations
Hardware
| Project Name | Base Architecture | Level of implementation | Notes |
|---|---|---|---|
| scarv-cpu | RV32 | Behavioural RTL simulation. Running on FPGA. Post yosys synthesis results. | Completely Public/Open Source. Useful as a public baseline. Commercial implementations should aim to be better than this! |
| PQShield security core | RV32 | (assumed) Behavioural RTL simulation. Running on FPGA. | Closed / commercial source. Most complete implementation of the entropy source. |
| Romain Dolbeau / VexRISC-V | RV32 | Running on FPGA. | Uses VexRiscv core as a base. Completely independent implementation from scratch, outside the Crypto TG. |
- We still need a RV64 implementation.
- I (Ben) am working on adding support to a toy core of mine, but I don't have much time to dedicate to this.
- Barry Spinney has offered to do advanced node synthesis runs for open source implementations.
- I (Ben) intend to take him up on this when I get time. No idea when that will be.
Software
| Project/Maintainer | Description |
|---|---|
| Romain Dolbeau | Independent implementations of various important ciphers + modes of operation. |
| rvkrypto-fips / Markku | "FIPS 140-3 and higher-level algorithm Tests for RISC-V Crypto Extension" |
| riscv-crypto benchmarks | Initial benchmarks used to develop the scalar crypto extension. |
ABI Extensions