REPOST: Re: High Bandwidth Mixing Cipher Chips
Date: 28 Oct 2005 12:23:25 -0700
> > So I repeat that the design is not well suited for hardware
> > implementation.
> > Tom
> Have you ever taken a cypher, written it in a HDL, programmed a FPGA
> and had it working?
> yes [ ]
> no [ ]
> dunno [ ]
I worked for a firm which developed crypto accelerators in Verilog.
While I'm not an EE myself I did spend quite a bit of time working with
them on the "making things fit" side. I helped develop parts of some
upcoming [bignum ALU] projects, I've listened to customers bitch and
whine over 5k gates, etc...
Put it this way, the average customer we had for networking wanted
>10Gbps with less than a half million gates doing GCM. So not just some half-ass broken cipher but a full AES and GF multiplier. Oh and it was full-duplex.
I'm also the author of the CS^2 block cipher [search iacr.org for it].
which is a fraction the size of this mixed-network stuff.
Lets throw some numbers out there shall we ...
>>From my Toorcon talk [these are public knowledge]. The Bignum ALU I
helped design at the firm could hit ~260K cycles at 200Mhz in less than
a million transistors for RSA-1024 decrypt operations. It was ~170K
gates. That's seven times more clock efficient than an AMD64 and
1/70th the size [thereabouts].
So when you say you have a 500K gate block cipher and I question it ...
it's for good reason. Gates aren't cheap and a professional would
========= WAS CANCELLED BY =======:
Control: cancel <firstname.lastname@example.org>
Subject: Cancel "Re: High Bandwidth Mixing Cipher Chips"
Date: Fri, 28 Oct 2005 16:51:36 GMT
NNTP-Posting-Host: 220.127.116.11 (18.104.22.168)
NNTP-Posting-Date: Fri, 28 Oct 2005 22:17:15 +0200