FW: on FPGAs vs ASICs

Major Variola (ret) mv at cdc.gov
Mon Mar 21 18:34:07 PST 2005 

At 05:44 PM 3/20/05 -0500, Tyler Durden wrote:
>What I suspect is that there's already some crypto net processors out
there,
>though they may be classified, or the commercial equivalent (ie, I
assume
>there are 'classified' catalogs from companies like General Dynamics
that
>normal clients never see).

I've programmed (well, microcoded) the Intel IXA family.   Some variants

of that family can do line-rate AES.  They can handle insane line rates,
thanks
to hardware everything and an array of hyperthreaded RISCs.   Not
at all classified.


At 09:49 AM 3/21/05 -0500, Trei, Peter wrote:
>One of the interesting twists of FPGAs is that you can
>optimize the circuit to the actual data being processed.
>For example, in DES keysearch you could hardwire into
>the circuit some of the subkey bits (which were determined
>by, say, high order key bits you rarely changed), thus
>simplifying the circuit. When those bits changed, you
>re-wrote the circuilt.

Its quite possible that reconfigurability is part of the future.
Your N-way x86 die will come with a few hundred thou reconfigurable
gates, which you'll reconfigure to do your Photoshop or MPEG
or rendering or speech recognition or modular exponentiation
tasks.   Obviously this is a big change and there's a lot of software
support required (from OS to app) to make it happen.  Also
there are fascinating tech problems in coupling the reconfig hardware
to high bandwidth data flows, required to keep it busy.  But the
benefits
are substantial.

Tangentially,
I should note that there are "modes of encryption" which can be scaled
infinitely
with parallel hardware; they use interleaved blocks so each chip sees
every Nth
block of the real stream.  So high clock rates are not required to
crypt.

It seems that hashing can be parallelized that way too, run a hash-chip
on
every Nth bit, and hash those partial results.   Both ends have to agree

on the N-way division (as with the infinitely scalable crypto) but
that's all.
With regular hashing (and attacks thereof that require grinding out a
lot
of hashes in order to find a collision, to go back to the original
topic)
single-chip parallel hardware hacks could speed things up, but (given
that modern hashes
are designed for CPUs, like AES) I don't ever expect to see DESCrack
like
gains there.

And while TD keeps alluding to the DESCrack suitcase, I'll point out
that a GSM Cracker
could fit in your carry-on luggage nowadays.   Every 'embassy' ought to
have one :-)

More information about the cypherpunks-legacy mailing list