Constructive and destructive use of compilers in elliptic curve cryptography

Although cryptographic software implementation is often performed by expert programmers, the range of performance and security driven options, as well as more mundane software engineering issues, still make it a challenge. The use of domain specific language and compiler techniques to assist in description and optimisation of cryptographic software is an interesting research challenge. In this paper we investigate two aspects of such techniques, focusing on Elliptic Curve Cryptography (ECC) in particular. Our constructive results show that a suitable language allows description of ECC based software in a manner close to the original mathematics; the corresponding compiler allows automatic production of an executable whose performance is competitive with that of a hand-optimised implementation. In contrast, we study the worrying potential for naïve compiler driven optimisation to render cryptographic software insecure. Both aspects of our work are set within the context of CACE, an ongoing EU funded project on this general topic

On the automatic construction of indistinguishable operations

An increasingly important design constraint for software running on ubiquitous computing devices is security, particularly against physical methods such as side-channel attack. One well studied methodology for defending against such attacks is the concept of indistinguishable functions which leak no information about program control flow since all execution paths are computationally identical. However, constructing such functions by hand becomes laborious and error prone as their complexity increases. We investigate techniques for automating this process and find that effective solutions can be constructed with only minor amounts of computational effort.Fundação para a Ciência e Tecnologia - SFRH/BPD/20528/2004

Loop transformations in the ahead-of-time optimization of Java bytecode

Loop optimizations such as loop unrolling, unfolding and invariant code motion have long been used in a wide variety of compilers to improve the running time of applications. In this paper we present a series of experimental results detailing the effect these techniques have on the running time of Java applications following ahead of time optimization. We also detail the optimization tools and transformations developed for this paper which extend the SOOT framework discussed in a number of previous papers on the subject. Our experimentation, conducted on the SciMark 2.0 benchmarking suite, demonstrates that when optimized using the techniques mentioned, Java applications can benefit from performance improvements of up to 20%. We finish with a discussion of the results obtained, including results on how the optimizations affect JIT compilation and class size and proceed to argue that ahead-of-time loop unrolling and unfolding optimization may have a role to play in improving the performance of Java applications, particularly in scientific applications

Subrecursive Program Schemata I and III. Undecidable Equivalence Problems and II. Decidable EquivalenceProblems

The study of program schemata and the study of subrecursive programming languages are both concerned with limiting program structure in order to permit a more complete analysis of algorithms while retaining sufficiently rich computing power to allow interesting algorithms. In this paper we combine these approaches by defining classes of subrecursive program schemata and investigating their equivalence problems. Since the languages are all subrecursive, any scheme written in any one of them must halt (as long as we assume the basic functions and predicates are all total). Hence equivalence of schemes is the first question of interest we can ask about these languages. We consider schematic versions of various subrecursive programming languages similar to the Loop language. We distinguish between Pre-Loop and Post-Loop languages on the basis of whether the exit condition in an iteration loop is tested before iteration, as in Algol (Pre-), or after iteration, as in FORTRAN (Post-). We show that at the program level all these languages have the same computing power (the primitive recursive functions) and all have unsolvable equivalence problems (of arithmetic degree $\Pi^{0}_{1}$). But at the level of schemes, Pre-Loop has an unsolvable equivalence problem, while at least one formulation of Post-Loop has a solvable equivalence problem. If L is a programming language or scheme language, then we denote by E(L) the equivalence problem in L. The basic languages considered are: Loop ($\equiv$ Pre-Loop) - Loop language for primitive recursive functions. Post-Loop - Post-Loop language for primitive recursive functions. Loop$_{\Diamond}$ - Loop language with restricted conditionals. L [D, ()] - Loop schemata over D with identity. L$_{\Diamond}$ [D, ()] - Loop schemata with conditionals. PL [D, ()] - Post-Loop schemata over D. PL$_{\Diamond}$ [D, ()] - Post-Loop schemata with conditionals. P - Program (flowchart) schemata. P$_{d}$ - Program schemata with DO-statements. In contrast to (pure) Loop schemata studied previously by the first author, some of these languages contain the identity function so that a pure data transfer, $X \leftarrow Y$, is possible. Moreover, the equivalence algorithms given here are for the special case of linear schemes (to be defined below) with monadic function variables. Linear schemes are designated by placing L before the name of the more general class, thus LL for linear Loop, LPL for linear Post-Loop, etc. In all schemes considered here the functions are monadic, so no special designation of function rank is provided. It is well known that E(P) is recursively unsolvable and E(P) $\in \Pi^{0}_{2}$. We show that E(Loop), E(Post-Loop), E(L$_{\Diamond}$) (both with and without the pure data transfer), and E(L) are recursively unsolvable, while E(LPL) is recursively solvable. The extension of the equivalence algorithm for LPL to polyadic functions appears at present to be a tedious but straightforward modification to the monadic algorithm. We are hopeful that a simpler and more generally applicable technique will emerge for demonstrating solvability or unsolvability of this class of equivalence problems. The algorithm and proofs given here are but a crude first step in delimiting this problem

Static Analysis of Dynamic Schedules and its Application to Optimization of Parallel Programs ⋆

Abstract. Effective optimizations for concurrent programs require the compiler to have detailed knowledge about the scheduling of parallel tasks at runtime. Currently, optimizations for parallel programs must define their own models and analyses of the parallel constructs used in the source programs. This makes developing new optimizations more difficult and complicates their integration into a single optimizing compiler. We investigate an approach that separates the static analysis of the dynamic runtime schedule from subsequent optimizations. We present three optimizations that are based on the information gathered during the schedule analysis. Variants of those optimizations have been described in the literature before but each work is built upon its own highly specialized analysis. In contrast, our independent schedule analysis shows synergistic effects where previously incompatible optimizations can now share parts of their implementation and all be applied to the same program.