In computer architecture, 512-bit integers, memory addresses, or other data units are those that are 512 bits wide. Also, 512-bit CPU and ALU architectures are those that are based on registers, address buses, or data buses of that size.
There are currently no mainstream general-purpose processors built to operate on 512-bit integers or addresses, though a number of processors do operate on 512-bit data. As of 2013, the Intel Xeon Phi has a vector processing unit with 512-bit vector registers, each one holding sixteen 32-bit elements or eight 64-bit elements, and a single instruction can operate on all these values in parallel. However, the Xeon Phi's vector processing unit does not operate on individual numbers that are 512 bits in length.
AVX-512 are 512-bit extensions to the 256-bit Advanced Vector Extensions SIMD instructions for x86 instruction set architecture (ISA) proposed by Intel in July 2013, and supported in Intel's Xeon Phi x200 (Knights Landing) and Skylake-X CPUs; this includes the Core-X series (excluding the Core i5-7640X and Core i7-7740X), as well as the new Xeon Scalable Processor Family and Xeon D-2100 Embedded Series.AVX-512 is not the first 512-bit SIMD instruction set that Intel has introduced in processors: the earlier 512-bit SIMD instructions used in Xeon Phi coprocessors, derived from Intel's Larrabee project, are similar but not binary compatible and only partially source compatible.AVX-512 consists of multiple extensions that are not all meant to be supported by all processors implementing them. This policy is a departure from the historical requirement of implementing the entire instruction block. Only the core extension AVX-512F (AVX-512 Foundation) is required by all implementations.Advanced Vector Extensions
Advanced Vector Extensions (AVX, also known as Sandy Bridge New Extensions) are extensions to the x86 instruction set architecture for microprocessors from Intel and AMD proposed by Intel in March 2008 and first supported by Intel with the Sandy Bridge processor shipping in Q1 2011 and later on by AMD with the Bulldozer processor shipping in Q3 2011. AVX provides new features, new instructions and a new coding scheme.
AVX2 expands most integer commands to 256 bits and introduces fused multiply-accumulate (FMA) operations. AVX-512 expands AVX to 512-bit support using a new EVEX prefix encoding proposed by Intel in July 2013 and first supported by Intel with the Knights Landing processor, which shipped in 2016.Bremermann's limit
Bremermann's limit, named after Hans-Joachim Bremermann, is a limit on the maximum rate of computation that can be achieved in a self-contained system in the material universe. It is derived from Einstein's mass-energy equivalency and the Heisenberg uncertainty principle, and is c2/h ≈ 1.36 × 1050 bits per second per kilogram. This value is important when designing cryptographic algorithms, as it can be used to determine the minimum size of encryption keys or hash values required to create an algorithm that could never be cracked by a brute-force search.
For example, a computer with the mass of the entire Earth operating at the Bremermann's limit could perform approximately 1075 mathematical computations per second. If one assumes that a cryptographic key can be tested with only one operation, then a typical 128-bit key could be cracked in under 10−36 seconds. However, a 256-bit key (which is already in use in some systems) would take about two minutes to crack. Using a 512-bit key would increase the cracking time to approaching 1072 years, without increasing the time for encryption by more than a constant factor (depending on the encryption algorithms used).
The limit has been further analysed in later literature as the maximum rate at which a system with energy spread can evolve into an orthogonal and hence distinguishable state to another, . In particular, Margolus and Levitin has shown that a quantum system with average energy E takes at least time to evolve into an orthogonal state. However, it has been shown that access to quantum memory in principle allows computational algorithms that require arbitrarily small amount of energy/time per one elementary computation step.Eighth generation of video game consoles
In the history of video games, the eighth generation of consoles is the current generation. It includes those released since 2012 by Nintendo, Microsoft, and Sony. For home consoles, the eighth generation began on November 18, 2012, with the release of the Wii U, and continued with the release of the PlayStation 4 on November 15, 2013, and the Xbox One on November 22, 2013. The Wii U was the first to be discontinued — on January 31, 2017 — to make way for Nintendo's second competitor, the Switch, released on March 3, 2017. These video game consoles follow their seventh generation predecessors from the same three companies: Nintendo's Wii, Sony's PlayStation 3, and Microsoft's Xbox 360.
For handheld game consoles, the eighth generation began in February 2011 with the Japanese release of the Nintendo 3DS, the successor to the Nintendo DS. Nintendo has released additional variants in the 3DS family, such as the New Nintendo 3DS and New Nintendo 2DS XL. The successor to last generation's PlayStation Portable (PSP), the PlayStation Vita, was released in Japan in December 2011, and then to Western markets in February 2012. The non-handheld variant of the PlayStation Vita, the PlayStation TV, was released in Japan in November 2013, North America in October 2014, and Europe and Australia in November 2014.In August 2016 and September 2016, Microsoft and Sony respectively both released "slim" revisions of their consoles, the Xbox One S and the PlayStation 4 Slim. The Xbox One S notably added support for HDR video and Ultra HD Blu-ray, while Sony released a software update to add HDR to all existing PlayStation 4 consoles; the PlayStation 4 Slim does not support UHD Blu-ray. Sony released the PlayStation VR, a virtual reality headset compatible with all PlayStation 4 consoles in October 2016. Following this was an upgraded version of the PlayStation 4, the PlayStation 4 Pro, which was released later in November 2016; meanwhile Microsoft also announced an upgraded version of the Xbox One in 2016 under the name Project Scorpio. This would become the Xbox One X, released a year later in November 2017. Both of these consoles were aimed at providing upgraded hardware to support rendering games at up to 4K resolution. Microsoft originally planned to support VR games on the Xbox One X, but despite this Microsoft never realized a VR platform for the Xbox. Phil Spencer, head of Xbox, stated in June 2017 that VR technology was "a few years away from something that will really work” and that Microsoft would instead be focusing their investments on Windows.
In contrast to Microsoft and Sony, Nintendo began to phase out the Wii U in favor of a completely new hardware platform announced in April 2016 as Nintendo NX. This would become the Nintendo Switch, released in March 2017. Being a hybrid between a handheld and a standalone console, it features a tablet-like form factor with detachable wireless controllers and can be placed in a docking station for use with a television. The Switch was highly successful in its first year of sales especially in comparison to its predecessor, the Wii U. In its first year, the Switch sold 3.2 million units in Japan, breaking the yearly record set by the PlayStation 2, and it had already completely outsold the Wii U by January 2018. Based on 4.8 million units sold in the United States by the end of 2017 (with 1.5 million sold in December 2017 alone), Nintendo officially declared that the Switch had outpaced the seventh-generation Wii as the fastest-selling home video game console of all time in the United States.Elbrus 2000
The Elbrus 2000, E2K (Russian: Эльбрус 2000) is a Russian 512-bit wide VLIW microprocessor developed by Moscow Center of SPARC Technologies (MCST) and fabricated by TSMC.
It supports two instruction set architecture (ISA):
Intel x86 (a complete, system-level implementation with a software dynamic binary translation virtual machine, similar to Transmeta Crusoe)Thanks to its unique architecture Elbrus 2000 can execute 20 instructions per clock, so even with its modest clock speed it can compete with much faster clocked superscalar microprocessors when running in native VLIW mode.For security reasons the Elbrus 2000 architecture implements dynamic data type-checking during execution. In order to prevent unauthorized access, each pointer has additional type information that is verified when the associated data is accessed.FREAK
FREAK ("Factoring RSA Export Keys") is a security exploit of a cryptographic weakness in the SSL/TLS protocols introduced decades earlier for compliance with U.S. cryptography export regulations. These involved limiting exportable software to use only public key pairs with RSA moduli of 512 bits or less (so-called RSA_EXPORT keys), with the intention of allowing them to be broken easily by the National Security Agency (NSA), but not by other organizations with lesser computing resources. However, by the early 2010s, increases in computing power meant that they could be broken by anyone with access to relatively modest computing resources using the well-known Number Field Sieve algorithm, using as little as $100 of cloud computing services. Combined with the ability of a man-in-the-middle attack to manipulate the initial cipher suite negotiation between the endpoints in the connection and the fact that the Finished hash only depended on the master secret, this meant that a man-in-the-middle attack with only a modest amount of computation could break the security of any website that allowed the use of 512-bit export-grade keys. While the exploit was only discovered in 2015, its underlying vulnerabilities had been present for many years, dating back to the 1990s.Grøstl
Grøstl is a cryptographic hash function submitted to the NIST hash function competition by Praveen Gauravaram, Lars Knudsen, Krystian Matusiewicz, Florian Mendel, Christian Rechberger, Martin Schläffer, and Søren S. Thomsen. Grøstl was chosen as one of the five finalists of the competition. It uses the same S-box as AES in a custom construction. The authors claim speeds of up to 21.4 cycles per byte on an Intel Core 2 Duo.
According to the submission document, the name "Grøstl" is a multilingual play-on-words, referring to an Austrian dish that is very similar to hash (food).
Like other hash functions in the MD5/SHA family, Grøstl divides the input into blocks and iteratively computes hi = f(hi−1, mi). However, Grøstl maintains a hash state at least twice the size of the final output (512 or 1024 bits), which is only truncated at the end of hash computation.
The compression function f is based on a pair of 256- or 512-bit permutation functions P and Q, and is defined as:
f(h, m) = P(h ⊕ m) ⊕ Q(m) ⊕ hThe permutation functions P and Q are heavily based on the Rijndael (AES) block cipher, but operate on 8×8 or 8×16 arrays of bytes, rather than 4×4. Like AES, each round consists of four operations:
AddRoundKey (the Grøstl round keys are fixed, but differ between P and Q)
SubBytes (this uses the Rijndael S-box, allowing sharing with AES implementations)
ShiftBytes (expanded compared to AES, this also differs between P and Q, and 512- and 1024-bit versions)
MixColumns (using an 8×8 matrix rather than Rijndael's 4×4)Unlike Rijndael, all rounds are identical and there is no final AddRoundKey operation. 10 rounds are recommended for the 512-bit permutation, and 14 rounds for the 1024-bit version.
The final double-width hash receives a final output transformation of
Ω(h) = h ⊕ P(h)and is then truncated to the desired width. This is equivalent to applying a final iteration of the compression function using an all-zero message block m, followed by a (cryptographically insignificant) exclusive-or with the fixed constant Q(0).HMAC
In cryptography, an HMAC (sometimes expanded as either keyed-hash message authentication code or hash-based message authentication code) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. It may be used to simultaneously verify both the data integrity and the authentication of a message, as with any MAC. Any cryptographic hash function, such as SHA-256 or SHA-3, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-X, where X is the hash function used (e.g. HMAC-SHA256 or HMAC-SHA3). The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, the size of its hash output, and the size and quality of the key.
HMAC uses two passes of hash computation. The secret key is first used to derive two keys – inner and outer. The first pass of the algorithm produces an internal hash derived from the message and the inner key. The second pass produces the final HMAC code derived from the inner hash result and the outer key. Thus the algorithm provides better immunity against length extension attacks.
An iterative hash function breaks up a message into blocks of a fixed size and iterates over them with a compression function. For example, SHA-256 operates on 512-bit blocks. The size of the output of HMAC is the same as that of the underlying hash function (e.g., 256 and 1600 bits in the case of SHA-256 and SHA-3, respectively), although it can be truncated if desired.
HMAC does not encrypt the message. Instead, the message (encrypted or not) must be sent alongside the HMAC hash. Parties with the secret key will hash the message again themselves, and if it is authentic, the received and computed hashes will match.
The definition and analysis of the HMAC construction was first published in 1996 in a paper by Mihir Bellare, Ran Canetti, and Hugo Krawczyk, and they also wrote RFC 2104 in 1997. The 1996 paper also defined a variant called NMAC. FIPS PUB 198 generalizes and standardizes the use of HMACs. HMAC is used within the IPsec and TLS protocols and for JSON Web Tokens.JH (hash function)
JH is a cryptographic hash function submitted to the NIST hash function competition by Hongjun Wu. Though chosen as one of the five finalists of the competition, JH ultimately lost to NIST hash candidate Keccak. JH has a 1024-bit state, and works on 512-bit input blocks. Processing an input block consists of three steps:
XOR the input block into the left half of the state.
Apply a 42-round unkeyed permutation (encryption function) to the state. This consists of 42 repetitions of:
Break the input into 256 4-bit blocks, and map each through one of two 4-bit S-boxes, the choice being made by a 256-bit round-dependent key schedule. Equivalently, combine each input block with a key bit, and map the result through a 5→4 bit S-box.
Mix adjacent 4-bit blocks using a maximum distance separable code over GF(24).
Permute 4-bit blocks so that they will be adjacent to different blocks in following rounds.
XOR the input block into the right half of the state.The resulting digest is the first 224, 256, 384 or 512 bits from the 1024-bit final value.
It is well suited to a bit slicing implementation using the SSE2 instruction set, giving speeds of 16.8 cycles per byte.Kalyna (cipher)
Kalyna (Ukrainian: Калина, Viburnum opulus) is a symmetric block cipher. It supports block sizes of 128, 256 or 512 bits; the key length is either equal to or double the block size.
Kalyna was adopted as the national encryption standard of Ukraine in 2015 (standard DSTU 7624:2014) after holding Ukrainian national cryptographic competition. Kalyna is a substitution-permutation network and its design is based on the Rijndael (AES) encryption function having quite different key schedule, another set of four different S-boxes and increased MDS matrix size.
Kalyna has 10 rounds for 128-bit keys, 14 rounds for 256-bit keys and 18 rounds for 512-bit keys. Independent researchers proposed some attacks on reduced-round variants of Kalyna, but all of them have a very high complexity and none of them are practical.Logjam (computer security)
Logjam is a security vulnerability against a Diffie–Hellman key exchange ranging from 512-bit (US export-grade) to 1024-bit keys. It was discovered by a group of computer scientists and publicly reported on May 20, 2015.MD5
The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption. It remains suitable for other non-cryptographic purposes, for example for determining the partition for a particular key in a partitioned database.One basic requirement of any cryptographic hash function is that it should be computationally infeasible to find two distinct messages that hash to the same value. MD5 fails this requirement catastrophically; such collisions can be found in seconds on an ordinary home computer.
The weaknesses of MD5 have been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use".MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function MD4, and was specified in 1992 as RFC 1321.SHA-2
SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA). They are built using the Merkle–Damgård structure, from a one-way compression function itself built using the Davies–Meyer structure from a (classified) specialized block cipher.
SHA-2 includes significant changes from its predecessor, SHA-1. The SHA-2 family consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256.
SHA-256 and SHA-512 are novel hash functions computed with 32-bit and 64-bit words, respectively. They use different shift amounts and additive constants, but their structures are otherwise virtually identical, differing only in the number of rounds. SHA-224 and SHA-384 are simply truncated versions of SHA-256 and SHA-512 respectively, computed with different initial values. SHA-512/224 and SHA-512/256 are also truncated versions of SHA-512, but the initial values are generated using the method described in Federal Information Processing Standards (FIPS) PUB 180-4. SHA-2 was published in 2001 by the National Institute of Standards and Technology (NIST) a U.S. federal standard (FIPS). The SHA-2 family of algorithms are patented in US patent 6829355. The United States has released the patent under a royalty-free license.Currently, the best public attacks break preimage resistance for 52 out of 64 rounds of SHA-256 or 57 out of 80 rounds of SHA-512, and collision resistance for 46 out of 64 rounds of SHA-256.SHA-256 and SHA-512, and, to a lesser degree, SHA-224 and SHA-384 are prone to length extension attacks, rendering it insecure for some applications. It is thus generally recommended to switch to SHA-3 for 512-bit hashes and to use SHA-512/224 and SHA-512/256 instead of SHA-224 and SHA-256. This also happens to be faster than SHA-224 and SHA-256 on x86-64 processor architecture, since SHA-512 works on 64-bit instead of 32-bit words.SHACAL
SHACAL-1 (originally simply SHACAL) is a 160-bit block cipher based on SHA-1, and supports keys from 128-bit to 512-bit. SHACAL-2 is a 256-bit block cipher based upon the larger hash function SHA-256.
Both SHACAL-1 and SHACAL-2 were selected for the second phase of the NESSIE project. However, in 2003, SHACAL-1 was not recommended for the NESSIE portfolio because of concerns about its key schedule, while SHACAL-2 was finally selected as one of the 17 NESSIE finalists.SMASH (hash)
SMASH is a cryptographic hash function which was created by Lars R. Knudsen. SMASH comes in two versions: 256-bit and 512-bit. Each version was supposed to rival SHA-256 and SHA-512, respectively, however, shortly after the SMASH presentation at FSE 2005, an attack vector against SMASH was discovered which left the hash broken.Streebog
Streebog is a cryptographic hash function defined in the Russian national standard GOST R 34.11-2012 Information Technology – Cryptographic Information Security – Hash Function. It was created to replace an obsolete GOST hash function defined in the old standard GOST R 34.11-94, and as an asymmetric reply to SHA-3 competition by the US National Institute of Standards and Technology. The function is also described in RFC 6986.TWINKLE
TWINKLE (The Weizmann Institute Key Locating Engine) is a hypothetical integer factorization device described in 1999 by Adi Shamir and purported to be capable of factoring 512-bit integers. It is also a pun on the twinkling LEDs used in the device. Shamir estimated that the cost of TWINKLE could be as low as $5000 per unit with bulk production. TWINKLE has a successor named TWIRL which is more efficient.Texas Instruments signing key controversy
The Texas Instruments signing key controversy refers to the controversy which resulted from Texas Instruments' (TI) response to a project to factorize the 512-bit RSA cryptographic keys needed to write custom firmware to TI devices.Xmx
In cryptography, xmx is a block cipher designed in 1997 by David
M'Raïhi, David Naccache, Jacques Stern, and Serge Vaudenay. According to the
designers it "uses public-key-like operations as confusion and diffusion means." The
cipher was designed for efficiency, and the only operations it uses are XORs
and modular multiplications.
The main parameters of xmx are variable, including the
block size and key size, which are equal, as well
as the number of rounds. In addition to the key, it also makes
use of an odd modulus n which is small enough to fit in a single block.
The round function is f(m)=(moa)·b mod n, where a and b are
subkeys and b is coprime to n. Here moa represents an operation that
equals m XOR a if that is less than n, and otherwise equals m. This is a simple
invertible operation: moaoa = m. The xmx cipher consists
of an even number of iterations of the round function, followed by a final o
with an additional subkey.
The key schedule is very simple, using the same key for all the multipliers, and
three different subkeys for the others: the key itself for the first half of the
cipher, its multiplicative inverse mod n for the last half, and the XOR of these two
for the middle subkey.
The designers defined four specific variants of xmx:
Standard: 512-bit block size, 8 rounds, n=2512-1
High security: 768-bit block size, 12 rounds, n=2768-1
Very-high security: 1024-bit block size, 16 rounds, n=21024-1
Challenge: 256-bit block size, 8 rounds, n=(280-1)·2176+157Borisov, et al., using a multiplicative form of differential cryptanalysis, found a
complementation property for any variant of xmx, like the first three above, such that
n=2k-1, where k is the block size. They also found large weak key classes
for the Challenge variant, and for many other moduli.