[4088] in cryptography@c2.net mail archive


Re: Pop Count Instruction and cryptanalysis

daemon@ATHENA.MIT.EDU (Steve Bellovin)
Thu Jan 28 16:00:16 1999

To: "Jitze Couperus" <jcouperus@creativeis.com>
Cc: cryptography@c2.net, "MCKAY john" <mckay@cs.concordia.ca>
Date: Thu, 28 Jan 1999 15:35:04 -0500
From: Steve Bellovin <smb@research.att.com>

In message <003901be4af4$ea5b9a20$f804b381@jitze.svl.cdc.com>, "Jitze Couperus"
 writes:
> John Mckay wrote:
> 
> About the "sideways add" or pop-count instruction - indeed
> Seymour Cray's first supercomputer (the Control Data 6600)
> sported such an instruction, as did all subsequent Control
> Data machines until the advent of the 180 series in the mid 
> '80s. 
> 
...
> 
> We always wondered what such an instruction might be useful for - 
> until one of the first of the 180 series (n'th generation successor
> to the 6600) was delivered to such a customer, and cries of 
> anguish erupted that this machine didn't have such an instruction. 
> We scrambled and had to create a very tight code sequence within the 
> instruction stack that could be generated via a Fortran intrinsic 
> function.

For years, I had heard the story about NSA liking that instruction.
But I never understood why, until I started working on plaintext recognizers,
and independently derived the need for it.  See, for example,
http://www.research.att.com/~smb/papers/probtxt.ps.

There are other instruction types that are useful for cryptanalysts.
The CDC Star had a lovely set of vector operations under masks.  And
the Harvest add-on to the IBM 7030 (Stretch), described in a book by
Buchholz ("Planning a Computer System", McGraw-Hill, 1962) was intended
for NSA as well.

