FW: on FPGAs vs ASICs

Jack Lloyd lloyd at randombit.net
Tue Mar 22 09:42:04 PST 2005


On Mon, Mar 21, 2005 at 06:34:07PM -0800, Major Variola (ret) wrote:

> Tangentially, I should note that there are "modes of encryption" which can be
> scaled infinitely with parallel hardware; they use interleaved blocks so each
> chip sees every Nth block of the real stream.  So high clock rates are not
> required to crypt.

Counter mode works this way, and is a fairly common mode in any case.

> It seems that hashing can be parallelized that way too, run a hash-chip on
> every Nth bit, and hash those partial results.  Both ends have to agree on
> the N-way division (as with the infinitely scalable crypto) but that's all.

Depending on the interconnect it would probably be faster to do it in blocks of
8-64k, doing it a bit at a time would eat your standard PCI bus alive.

There are message authentication modes which can scale 'infinitely' (assuming a
sufficiently long message), and don't depend on the number of functional units,
so for example I could generate a MAC using my regular single core CPU and you
could verify it on a machine with N functional units with a corresponding
speedup of N (modulo some fixed per-message overhead) without us having to
agree on anything in advance. For example there is the MAC used in Rogaway's
OCB. Unfortunately most (all?) of these algorithms have been patented.

-Jack
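The property Jack describes (one unit computes the tag, N units verify it with no pre-agreed split), shown as an added example that is not code from the thread and is not OCB's MAC: a protected-counter-sum style construction where each block's contribution is an independent keyed PRF output, the contributions are XORed, and a second keyed PRF over the length and the sum produces the tag. HMAC-SHA256 as the PRF, the 16-byte block size and the finalization key derivation are assumptions made for this example; the tag is identical whatever number of workers is used.

```python
import hashlib
import hmac
from concurrent.futures import ThreadPoolExecutor

BLOCK = 16  # bytes per block (chosen for this example)
ZERO = bytes(32)  # HMAC-SHA256 output width


def _block_prf(key: bytes, index: int, block: bytes) -> bytes:
    # F_K(i || m_i): the block index is bound in, so reordering blocks
    # changes the sum even though contributions are combined with XOR.
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _counter_sum(key: bytes, msg: bytes, units: int) -> bytes:
    """XOR of all per-block PRF outputs, computed by `units` workers,
    each taking every `units`-th block (the interleaving from the thread)."""
    blocks = [(i // BLOCK, msg[i:i + BLOCK]) for i in range(0, len(msg), BLOCK)]

    def worker(w: int) -> bytes:
        acc = ZERO
        for i, b in blocks[w::units]:  # worker w handles blocks w, w+N, w+2N, ...
            acc = _xor(acc, _block_prf(key, i, b))
        return acc

    with ThreadPoolExecutor(max_workers=units) as pool:
        partials = pool.map(worker, range(units))
    total = ZERO
    for p in partials:
        total = _xor(total, p)  # XOR is associative, so the split does not matter
    return total


def parallel_mac(key: bytes, msg: bytes, units: int = 1) -> bytes:
    """Tag = F_K2(len(msg) || counter_sum). The final PRF hides the raw sum,
    which on its own would combine linearly across messages, and the length
    distinguishes messages that differ only in trailing zero blocks."""
    total = _counter_sum(key, msg, units)
    final_key = hmac.new(key, b"finalize", hashlib.sha256).digest()  # assumed derivation
    return hmac.new(final_key, len(msg).to_bytes(8, "big") + total, hashlib.sha256).digest()


def verify(key: bytes, msg: bytes, tag: bytes, units: int = 1) -> bool:
    # The verifier may use any number of units; the sender need not know it.
    return hmac.compare_digest(parallel_mac(key, msg, units), tag)
```

The per-message overhead Jack mentions is the single finalization call, which does not shrink as N grows.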
