C3 Nehemiah C5P with better hardware RNG and AES support

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Oct 23 21:23:14 PDT 2003


"Lucky Green" <shamrock at cypherpunks.to> writes:
>Peter wrote:
>> In case anyone's interested, there's a cpu die photo at
>> http://www.sandpile.org/impl/pics/centaur/c5xl/die_013_c5p.jpg
>> showing the amount of real estate consumed by the crypto functions
>> (it's the bottom centre, a bit hard to read the label).
>
>I fail to understand why VIA bothered adding AES support into the CPU. When
>was AES last the bottleneck on a general-purpose CPU? 

Apart from the obvious "what cool thing can we fit in -> <- this much spare
die space?", the obvious target is SOHO routers/firewall boxes.  My spies tell
me that it's already being used in a number of products like this, and the
addition of AES will help the process.  Hardware SHA-1 in the next rev makes
it even better, since you can now do IPsec and SSL tunneling purely in
hardware (and then you lose it all again in the crappy Rhine II NIC, but
that's another story).

>The bottleneck tends to be modular exponentiations, yet VIA failed to include
>a modular exponentiation engine. Strange.

Not for SOHO use it isn't, the initial handshake overhead is negligible
compared to the constant link encryption overhead.  The alternative is to do
the crypto externally, for which you're paying for an expensive and power-
hungry crypto core capable of doing a zillion DH/RSA ops/sec that gets used
once every few hours.  The alternative is to load or load your standard
firewall firmware into a Nehemiah and offload all the crypto and RNG stuff.

Peter.




