Something I've been worried a bit about with RISC-V, hopefully someone can tell me why I'm wrong. If I were implementing some cryptography in assembly on x86 or ARM I would make every effort to avoid branches and use conditional moves instead so as to be more resistant to timing attacks. Is this actually a common technique in computer security? And does RISC-V suffer from not having conditional moves?


RISC-V is technically an ISA with a reference implementation. In theory and practice, it can be implemented as a low-power microcontroller or augmented with additional instructions to play in the supercomputer space. Processors simply cannot avoid conditional moves, but they can choose not to speculatively execute after a jump before it knows the result of the jump condition.


It'd be better to implement it with accumulation rather than conditional moves on all of those other platforms anyway.

You can have branches, you just need to take the same branches regardless of the input.
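An added example (not code from any commenter) of the branch-free, mask-based "accumulation" style described above, in C. It assumes nothing beyond the C standard library; the function names are ours.

```c
#include <stdint.h>
#include <stddef.h>

/* Constant-time select: returns a when cond == 1, b when cond == 0.
   No branch and no cmov instruction is required; the choice is made with
   sub/and/or, which every ISA (RISC-V included) has. */
static uint32_t ct_select_u32(uint32_t cond, uint32_t a, uint32_t b)
{
    uint32_t mask = (uint32_t)0 - (cond & 1u);  /* 0xFFFFFFFF or 0 */
    return (a & mask) | (b & ~mask);
}

/* Constant-time conditional swap: exchanges *a and *b when cond == 1.
   This is the primitive a Montgomery ladder uses so that the instruction
   stream (and the memory addresses touched) do not depend on key bits. */
static void ct_cswap_u32(uint32_t cond, uint32_t *a, uint32_t *b)
{
    uint32_t mask = (uint32_t)0 - (cond & 1u);
    uint32_t t = (*a ^ *b) & mask;
    *a ^= t;
    *b ^= t;
}

/* Constant-time equality of two n-byte buffers (e.g. MAC tags).
   Every byte feeds an accumulator and there is no early exit, so the
   running time does not reveal the index of the first mismatch.
   Returns 1 if equal, 0 otherwise. */
static int ct_equal(const uint8_t *x, const uint8_t *y, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (uint8_t)(x[i] ^ y[i]);
    /* Fold acc to 0/1 without a branch: (acc - 1) >> 8 has bit 0 set
       only when acc == 0 (the subtraction wraps to 0xFFFFFFFF). */
    return (int)((((uint32_t)acc - 1u) >> 8) & 1u);
}
```

These patterns are only as constant-time as the compiled output: an optimizing compiler may legally turn a mask idiom back into a branch, so the generated assembly should be inspected for the target.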



