How to slow down a program and why it can be useful

(stefan-marr.de)

125 points todsacerdoti | 1 comments | 27 Aug 25 11:38 UTC | HN request time: 0s | source

Show context

adrian_b ◴[27 Aug 25 14:05 UTC] No.45039915[source]▶

In my opinion, NOP and MOV, which are recommended in TFA for slowing down, are the worst possible choices.

The authors have tested a rather obsolete CPU, with a 10-year-old Skylake microarchitecture, but more recent Intel/AMD CPUs have special optimizations for both NOP and MOV, executing them at the renaming stage, well before the normal execution units, so they may appear to have been executed in zero time.

For slowing down, one could use something really slow, like integer division. If that would interfere with the desired register usage, other reliable choices would be add with carry or perhaps complement carry flag. If it is not desired to modify the flags, one can use a RORX instruction for multiple bit rotation (available since Haswell, but not in older Atom CPUs), or one could execute BSWAP (available since 1989, therefore it exists in all 64-bit CPUs, including any Atom).

replies(5): >>45040023 #>>45040643 #>>45040766 #>>45040790 #>>45042365 #

api ◴[27 Aug 25 15:09 UTC] No.45040790[source]▶

>>45039915 #

There's a whole niche in cryptography called verifiable delay functions (VDFs) if you want a big rabbit hole to go down.

The idea is that these are unavoidably slow and preferably non-parallelizable to compute one way, but fast or near instantaneous to verify the result. Examples include the Weslowski VDFs based on similar math to RSA, MIMC, and the use of zero knowledge proofs to provide proof of slow computations.

replies(2): >>45041737 #>>45042543 #

1. thfuran ◴[27 Aug 25 16:23 UTC] No.45041737[source]▶

>>45040790 #

For this purpose though, computation should be minimized to avoid spilling registers and having more complicated performance side effects than just the intended direct delay.

↑