FW: on FPGAs vs ASICs

Trei, Peter ptrei at rsasecurity.com
Mon Mar 21 06:49:12 PST 2005

From Major Variola (ret):

> Tyler, Riad, etc:
> FPGAs are used in telecom because the volumes do not support an ASIC
> run.
> Riad doesn't seem to appreciate this.  He does understand that an ASIC
> is more efficient because its gates are used only for 1 computation,
> rather than most (FPGA) gates being used for reconfigurability
> ---useful if you can't afford an ASIC run (a million bucks a mask...)
> or if algorithms get tweaked (eg you release before the Spec comes
> out, or you are shooting for time-to-market).  Clockwise an FPGA
> wastes time in extra wire routing although since an FPGA may be made
> in state of the art processes, and your ASIC may not, it's a complex
> tradeoff.  (Albeit some circuit topologies work very well on FPGAs)
> So for the Cypherpunk wanting hardware (vs cluster) acceleration,
> FPGAs are the way to go.  For TLAs, you prototype in FPGAs of course,
> and then make some chips in your private fab.  (Same for Broadcom,
> etc.)
> For someone making 10,000 routers, you use FPGAs.
> DESCrack was solving a problem for which the x86 is not very efficient
> at computing --all the sub-byte bit-diddling-- and hardware is very
> efficient (by design in DES, after all).

Indeed, during the initial DESCrack effort, I spent some time
investigating FPGAs. I came to the conclusion that it was
definitely possible to build a Wiener-style pipeline machine
(ie, one key tested per clock cycle), but it would be more
costly than I could afford. 

One of the interesting twists of FPGAs is that you can
optimize the circuit to the actual data being processed. 
For example, in DES keysearch you could hardwire into
the circuit some of the subkey bits (which were determined
by, say, high order key bits you rarely changed), thus
simplifying the circuit. When those bits changed, you
re-wrote the circuit.

Peter Trei
