[Cryptography] [FORGED] Re: How programming language design can help us write secure crypto code

Tom Mitchell mitch at niftyegg.com
Mon Nov 2 20:41:10 EST 2015


On Mon, Oct 26, 2015 at 7:07 AM, Christian Huitema <huitema at huitema.net>
wrote:

> On Sunday, October 25, 2015 10:33 PM, Rob Meijer wrote:
>
> > 2015-10-25 2:35 GMT+01:00 Ray Dillinger <bear at sonic.net>:
> >
> >> I would be in favor of an extended standard for "Crypto C" such
> >> that
>
...

> In the sample, the compiler could perform the optimizations safely


Writing compiler systems is a competitive event!
Any benchmark pattern will be gamed.
The notion of safety is ill defined so far in this discussion.
Any advantage that can be discovered will be acted on
 (both by compiler authors and by attackers).

As far as safety is concerned one attack on a secret system is
the timing of actions based on input. A "safe" system would have
little or no variance but wall time is the most common area of
compiler work. Performance cannot be ignored simply because
a slow system may be displaced by a quicker protocol that is
less worthy.

The only solutions I know to address this are:
 *) to craft benchmarks of computer languages that test and validate code
that matters.
 *) design a special purpose language, test and benchmark.
 *) eliminate actors that fiddle with the code at all levels.
 *) vigilance

On some systems a runtime link loader or system link loader may inspect code
and, because it can see all the moving parts, raid functions in an object
to inline based on cache size and other system knowledge.

Some system objects like init and sh can be fully linked and distributed
with no symbols.  N.B.  Today even the kernel is linked and reloaded as
needed.
A fully linked object can still be analyzed by a JIT runtime compiler
system.
Some systems do scan objects for runtime bugs and edit the object
at the time it is loaded into memory.

The VW Diesel CO2/NO emission gamesmanship is a current example that
proves my point that this is a competitive event.

A partial solution is the one Knuth took with TeX. He used a subset
of a version of Pascal to craft TeX (tangle, web, weave). By using a
minimum subset of a language including formatting and optional syntax he
simplified much of his work.

Minimization can be extended to assembly language and calling conventions.

A possibly better solution is to start over and design something like Magic 1
(http://www.homebrewcpu.com/) where the hardware, compiler, OS was as
minimum as a single individual could grok. While impractical this shows that
much of the collection of moving parts in a modern system is extra and
a minimum system could serve as a touchstone.


-- 
  T o m    M i t c h e l l
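The "timing of actions based on input" point in the message above, as an added illustration that is not part of the original post or of any code discussed in the thread: a memcmp-style comparison of a 32-byte authentication tag stops at the first differing byte, so the work it does (and hence its wall time) depends on where the secret and the attacker-supplied input first differ, while a constant-time comparison touches every byte regardless. The tag values, the `examined` counter that stands in for a stopwatch, and all function names are constructed for this example. The `volatile` accumulator is a heuristic to discourage short-circuiting; as the thread notes, nothing obliges a compiler to preserve the constant-time property, so the real check is inspecting the emitted machine code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_LEN 32  /* constructed: length of a MAC tag for this example */

/* Early-exit comparison, the shape memcmp() takes. The number of bytes
 * examined (a proxy for elapsed time) depends on the first mismatch position. */
int leaky_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *examined)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            if (examined) *examined = i + 1;
            return 0;
        }
    }
    if (examined) *examined = n;
    return 1;
}

/* Constant-time comparison: no data-dependent branch, every byte is read,
 * and the final verdict is derived arithmetically rather than by branching. */
int ct_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *examined)
{
    volatile uint8_t acc = 0;  /* volatile: discourage the optimizer from short-circuiting */
    for (size_t i = 0; i < n; i++)
        acc |= (uint8_t)(a[i] ^ b[i]);
    if (examined) *examined = n;
    uint32_t x = acc;                /* x is 0 iff all bytes matched */
    return (int)(((x - 1u) >> 31) & 1u);  /* 1 when x == 0, else 0, with no branch */
}

/* Constructed tags: identical except at index mismatch_at (no mismatch if >= TAG_LEN). */
static void make_tags(size_t mismatch_at, uint8_t *a, uint8_t *b)
{
    for (size_t i = 0; i < TAG_LEN; i++)
        a[i] = b[i] = (uint8_t)(0xA5 ^ i);
    if (mismatch_at < TAG_LEN)
        b[mismatch_at] ^= 0x01;
}

/* Helpers returning how many bytes each comparison touched for a given mismatch. */
size_t examined_by_leaky(size_t mismatch_at)
{
    uint8_t a[TAG_LEN], b[TAG_LEN];
    size_t ex = 0;
    make_tags(mismatch_at, a, b);
    leaky_compare(a, b, TAG_LEN, &ex);
    return ex;
}

size_t examined_by_ct(size_t mismatch_at)
{
    uint8_t a[TAG_LEN], b[TAG_LEN];
    size_t ex = 0;
    make_tags(mismatch_at, a, b);
    ct_compare(a, b, TAG_LEN, &ex);
    return ex;
}

/* Helpers returning the match verdict (1 = equal, 0 = different). */
int verdict_leaky(size_t mismatch_at)
{
    uint8_t a[TAG_LEN], b[TAG_LEN];
    make_tags(mismatch_at, a, b);
    return leaky_compare(a, b, TAG_LEN, NULL);
}

int verdict_ct(size_t mismatch_at)
{
    uint8_t a[TAG_LEN], b[TAG_LEN];
    make_tags(mismatch_at, a, b);
    return ct_compare(a, b, TAG_LEN, NULL);
}

int main(void)
{
    /* Bytes examined rise with mismatch position for the leaky version only. */
    for (size_t pos = 0; pos <= TAG_LEN; pos += 8)
        printf("mismatch at %2zu: leaky examined %2zu bytes, ct examined %2zu bytes\n",
               pos, examined_by_leaky(pos), examined_by_ct(pos));
    return 0;
}
```

Both functions return the same verdicts; only the variance differs, which is the property a benchmark tuned for wall time will not reward and an attacker measuring it will.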