← Back to context

Comment by mswphd

8 hours ago

note that similar concepts appear in mathematics. Generally the term for it is a "mollified" function.

applied to the step function, you would get a smooth cutoff function

https://en.wikipedia.org/wiki/Mollifier#Smooth_cutoff_functi...

this is also related somewhat to the notion of differentiable programming. RELU is (roughly) the same as x * step(x). In differentiable programming one can replace it with smooth approximations, cf "softplus"

https://arxiv.org/pdf/2403.14606

That book also has a chapter on control flow, which is very similar to what you're talking about.

Unrolling an if statement into x = b (result of one branch) + (1-b) (result of the other branch) is also incredibly common in cryptography. If `b` is a "secret" variable, an if statement may leak the value of it via the branch predictor/speculative execution. The way around this is to compute both branches, and then select them with the above arithmetic expression. This mostly works, though compilers are tediously smart, and so one often has to be careful how with how you precisely do it.

Secret data flow should be directly controlled by programming language features. It's ugly that people are resorting to wrestling the compiler using such distant means as purity, applied in roundabout way.

  • there's been some forward movement on doing this via an appropriate intrinsic in LLVM

    https://github.com/llvm/llvm-project/pull/166702

    note that this isn't the only "trick" needed for constant-time programming though. Indexing an array with a secret index needs its own trick, for example.

    I agree that trying to trick the compiler is very ugly. A well-known applied cryptographer has a paper from last year saying that not only is it ugly, but it doesn't work particularly well, and if anything the trendline of the various "tricks" is that they get less effective over time.

    https://eprint.iacr.org/2025/435