Re: Crypto hardware (was: Using sound cards to accelerate RSA?)
At 1:49 AM 9/29/95, Douglas Barnes wrote:
[Tim May writes about why crypto h/w acceleration using DSPs, and DSPs in general, are likely doomed niche markets.]
I pretty much agree with Tim, except it's important to realize that for a _server_ that is doing a lot of RSA operations, the difference between a 3.2 second encryption and a 1.9 second encryption is significant. Peak transaction volume for any public key-based payment system is going to be a factor of how many RSA ops you can do per second.
I don't disagree with Doug about this. But I don't think there are many "server" systems running a lot of RSA at this point...for most of us, the amount of RSA (or PGP, IDEA, DES, etc.) computation is a tiny fraction of the total computons consumed running screen savers. I'm just not convinced I'll soon invest in a company offering RSA acceleration.
(I recall seeing articles about specialized modular exponentiation hardware in 1988, and Cylink was offering several such chips. I've yet to see any commercial boards, for reasonable prices. And I'm willing to bet that no more than 3 members of our list would buy such a board, even if the hooks were in place to let PGP, RSAREF, etc. use it. Just a hunch.)
--Tim May
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
Timothy C. May writes:
At 1:49 AM 9/29/95, Douglas Barnes wrote:
[Tim May writes about why crypto h/w acceleration using DSPs, and DSPs in general, are likely doomed niche markets.]
I pretty much agree with Tim, except it's important to realize that for a _server_ that is doing a lot of RSA operations, the difference between a 3.2 second encryption and a 1.9 second encryption is significant.
I don't disagree with Doug about this. But I don't think there are many "server" systems running a lot of RSA at this point. [...] for most of us, the amount of RSA (or PGP, IDEA, DES, etc.) computation is a tiny fraction of the total computons consumed running screen savers.
And if problems like this don't get solved, how do you expect digital online banking to be done? Psychic quantum transfers between the machines? What do you think a bank in the future is, if not a server that has to do lots and lots of RSA or D-H or what have you? Sorry for being nasty, Tim. It's just that some of us live in the real world, have real clients, and actually worry about this as a problem. This *is* a legitimate problem. Consider what the load on a web site using D-H key exchange for every connection gets like when you have millions of people hitting it every day.
(I recall seeing articles about specialized modular exponentiation hardware in 1988, and Cylink was offering several such chips. I've yet to see any commercial boards, for reasonable prices. And I'm willing to bet that no more than 3 members of our list would buy such a board, even if the hooks were in place to let PGP, RSAREF, etc. use it. Just a hunch.)
You obviously haven't heard of Fortezza cards. Yup, they are key escrowed -- but they do in fact do public key operations on board. There are a lot of them floating around. The reason the market for this is weird is the same reason Sun took the DES chips off its motherboards years ago -- you can't conduct modern business with the fucked up export regime we are dealing with.
.pm
On Thu, 28 Sep 1995, Perry E. Metzger wrote:
world, have real clients, and actually worry about this as a problem. This *is* a legitimate problem. Consider what the load on a web site using D-H key exchange for every connection gets like when you have millions of people hitting it every day.
This is the problem I was concerned about (actually RSA rather than D-H). In HTTP-NG, in addition to supporting PK for key exchanges and authentications, there is now support that allows most values used in the protocol to be signed. Now that non repudiability is becoming legally significant, there are all sorts of things that either party might want to have signed, for example negotiation options (e.g. wont-log-transactions) and meta-information (e.g. kidcode: NC-17,barney-boffing). More clients and more signings means that conventional chips aren't going to be economical for this.
[stuff on hardware]
The reason the market for this is weird is the same reason Sun took the DES chips off its motherboards years ago -- you can't conduct modern business with the fucked up export regime we are dealing with.
That's another question. A DSP chip can also be used for crypto - yet sound cards and nexts aren't ITARed, and aren't really considered dual-use. A Modular exponentiator isn't a crypto device (hey - it's a bignum accelerator for Mathematica). Now, if I had a pipelined WSI chip capable of delivering one result per cycle, I could think of some useful applications, but ...
Simon
participants (3): Perry E. Metzger, Simon Spero, tcmay@got.net