Skip to Main content Skip to Navigation
Conference papers

Usuba: high-throughput and constant-time ciphers, by construction

Abstract : Cryptographic primitives are subject to diverging imperatives. Functional correctness and auditability pushes for the use of a high-level programming language. Performance and the threat of timing attacks push for using no more abstract than an assembler to exploit (or avoid!) the micro-architectural features of a given machine. We believe that a suitable programming language can reconcile both views and actually improve on the state of the art of both. Usuba is an opinionated dataflow programming language in which block ciphers become so simple as to be “obviously correct” and whose types document and enforce valid parallelization strategies at the granularity of individual bits. Its optimizing compiler, Usubac, produces high-throughput, constant-time implementations performing on par with hand-tuned reference implementations. The cornerstone of our approach is a systematization and generalization of bitslicing, an implementation trick frequently used by cryptographers.
Document type :
Conference papers
Complete list of metadatas
Contributor : Pierre-Évariste Dagand <>
Submitted on : Monday, July 8, 2019 - 12:38:13 PM
Last modification on : Wednesday, July 10, 2019 - 11:46:46 AM



Darius Mercadier, Pierre-Evariste Dagand. Usuba: high-throughput and constant-time ciphers, by construction. PLDI 2019 - 40th ACM SIGPLAN Conference on Programming Language Design and Implementation, Jun 2019, Phoenix, United States. pp.157-173, ⟨10.1145/3314221.3314636⟩. ⟨hal-02176603⟩



Record views