This is a potential security issue, you are being redirected to https://csrc.nist.gov.
Recently, a memory safety mechanism called Cryptographic Capability Computing (C3) [LRD+21] has been proposed. C3 aims to provide a generic low-overhead solution against long-lasting memory safety problems. In particular, it hardens compute systems against attackers that exploit software bugs and vulnerabilities like buffer overflows, use-after-free etc. C3 provides memory safety by encrypting each pointer and associated data object. It keeps each object encrypted throughout the memory hierarchy, from L1 to L3 to DRAM. The objects are decrypted only at the time of execution. More specifically, the ld pipeline in-between data-cache (L1) and execution-unit computes both pointer-decryption and data-decryption. C3 has demonstrated significantly enhanced memory protection with less than 1% performance overhead. To achieve this, C3 heavily relies on ultra low-latency cryptographic primitives.
In this talk, we present a brief-overview of C3 as an emerging application and focus on investigating low-latency aspects of existing cryptographic primitives. We revisit existing NIST-standards, AES and SHA3, and show the critical-path and corresponding latency in an advanced technology node [ea17]. Then we analyze the underlying primitives of NIST LWC finalists and their expected critical-paths. Further, we analyze a few lightweight primitives outside the NIST LWC finalists and present a latency comparison. Our results show that the underlying primitives of some NIST LWC finalists provide 3x lower latency with 2.5x lower total die-area.
Lightweight Cryptography Workshop 2022Starts: May 09, 2022
Security and Privacy: cryptography