FW: on FPGAs vs ASICs

Tyler Durden camera_lumina at hotmail.com
Tue Mar 22 13:02:19 PST 2005


How much off-the-shelf crypto IP is available to be plopped on a crypto net 
processor? Are there stego detection/cracking development kits and so on?

-TD

>From: "Major Variola (ret)" <mv at cdc.gov>
>To: "cypherpunks at al-qaeda.net" <cypherpunks at al-qaeda.net>
>Subject: Re: FW: on FPGAs vs ASICs
>Date: Mon, 21 Mar 2005 18:34:07 -0800
>
>At 05:44 PM 3/20/05 -0500, Tyler Durden wrote:
> >What I suspect is that there's already some crypto net processors out
> >there, though they may be classified, or the commercial equivalent (ie, I
> >assume there are 'classified' catalogs from companies like General Dynamics
> >that normal clients never see).
>
>I've programmed (well, microcoded) the Intel IXA family.  Some variants
>of that family can do line-rate AES.  They can handle insane line rates,
>thanks to hardware everything and an array of hyperthreaded RISCs.  Not
>at all classified.
>
>
>At 09:49 AM 3/21/05 -0500, Trei, Peter wrote:
> >One of the interesting twists of FPGAs is that you can
> >optimize the circuit to the actual data being processed.
> >For example, in DES keysearch you could hardwire into
> >the circuit some of the subkey bits (which were determined
> >by, say, high order key bits you rarely changed), thus
> >simplifying the circuit. When those bits changed, you
> >re-wrote the circuit.
>
>It's quite possible that reconfigurability is part of the future.
>Your N-way x86 die will come with a few hundred thou reconfigurable
>gates, which you'll reconfigure to do your Photoshop or MPEG
>or rendering or speech recognition or modular exponentiation
>tasks.  Obviously this is a big change and there's a lot of software
>support required (from OS to app) to make it happen.  Also
>there are fascinating tech problems in coupling the reconfig hardware
>to high bandwidth data flows, required to keep it busy.  But the
>benefits are substantial.
>
>Tangentially,
>I should note that there are "modes of encryption" which can be scaled
>infinitely with parallel hardware; they use interleaved blocks so each
>chip sees every Nth block of the real stream.  So high clock rates are
>not required to crypt.
>
>It seems that hashing can be parallelized that way too, run a hash-chip
>on every Nth bit, and hash those partial results.  Both ends have to
>agree on the N-way division (as with the infinitely scalable crypto) but
>that's all.
>With regular hashing (and attacks thereof that require grinding out a
>lot of hashes in order to find a collision, to go back to the original
>topic) single-chip parallel hardware hacks could speed things up, but
>(given that modern hashes are designed for CPUs, like AES) I don't ever
>expect to see DESCrack-like gains there.
>
>And while TD keeps alluding to the DESCrack suitcase, I'll point out
>that a GSM Cracker could fit in your carry-on luggage nowadays.  Every
>'embassy' ought to have one :-)
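The two interleaving ideas in the quoted post (N independent encryption chains, each seeing every Nth block, and N lane hashes combined into one digest) as an added example. This is editor-written illustration code, not code from the thread or from any product mentioned in it. It assumes a keyed PRF (HMAC-SHA256 truncated to 16 bytes) as a stand-in for a block cipher so it runs on the standard library alone, uses CFB as the chaining mode because CFB needs only the cipher's forward direction, and gives each lane its own IV; every function name and the sample key, IVs and message are constructed for the example.

```python
"""Added illustration (not from the original thread): N-way interleaved
encryption and N-way interleaved hashing, as sketched in the quoted post.

Assumptions: HMAC-SHA256 truncated to 16 bytes stands in for the block
cipher; the chaining mode is CFB (forward direction only).  Lane j handles
blocks j, j+N, j+2N, ... with its own IV, so the N chains can run on N
independent chips; the receiver must use the same N and the same IV order.
"""
import hashlib
import hmac

BLOCK = 16  # bytes per block


def prf(key: bytes, x: bytes) -> bytes:
    """Stand-in block cipher: HMAC-SHA256 truncated to one block."""
    return hmac.new(key, x, hashlib.sha256).digest()[:BLOCK]


def cfb_chain(key: bytes, iv: bytes, blocks: list, decrypt: bool = False) -> list:
    """Sequential CFB over one chain: out_i = in_i XOR E(previous ciphertext)."""
    out, prev = [], iv
    for b in blocks:
        ks = prf(key, prev)
        o = bytes(x ^ y for x, y in zip(b, ks))  # a short final block is fine
        out.append(o)
        prev = b if decrypt else o               # CFB chains on the ciphertext
    return out


def interleaved_cfb(key: bytes, ivs: list, data: bytes, n: int,
                    decrypt: bool = False) -> bytes:
    """Split the stream into N chains; chain j sees blocks j, j+N, j+2N, ..."""
    if len(ivs) < n:
        raise ValueError("need one IV per lane")
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    out = [b""] * len(blocks)
    for lane in range(n):                        # each lane is independent work
        idx = range(lane, len(blocks), n)
        lane_out = cfb_chain(key, ivs[lane], [blocks[i] for i in idx], decrypt)
        for i, o in zip(idx, lane_out):
            out[i] = o
    return b"".join(out)


def interleaved_hash(data: bytes, n: int, chunk: int = BLOCK) -> str:
    """N lane hashes over every Nth chunk, then one hash over the lane digests.
    N is bound into the final digest, so a mismatch in N fails outright."""
    lanes = [hashlib.sha256() for _ in range(n)]
    for i in range(0, len(data), chunk):
        lanes[(i // chunk) % n].update(data[i:i + chunk])
    final = hashlib.sha256(n.to_bytes(4, "big"))
    for h in lanes:
        final.update(h.digest())
    return final.hexdigest()


def demo() -> dict:
    """Constructed inputs: fixed key, one IV per lane, a 132-byte message
    (8 full blocks plus a 4-byte tail)."""
    key = bytes(range(32))
    ivs = [bytes([lane]) * BLOCK for lane in range(4)]
    msg = b"the quick brown fox jumps over the lazy dog " * 3
    ct = interleaved_cfb(key, ivs, msg, 4)
    return {
        "roundtrip": interleaved_cfb(key, ivs, ct, 4, decrypt=True) == msg,
        "wrong_n": interleaved_cfb(key, ivs, ct, 2, decrypt=True) == msg,
        "hash_n2": interleaved_hash(msg, 2),
        "hash_n4": interleaved_hash(msg, 4),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The sender-side parallelism comes from `cfb_chain` being the only sequential part: with N lanes there are N such chains, and none waits on another. Decrypting with a different N (the `wrong_n` entry) recovers only the blocks whose lane assignment happens to coincide, which is the "both ends have to agree on the N-way division" point from the post; binding N into the final hash in `interleaved_hash` is an added design choice so that a disagreement shows up as a verification failure rather than a silently different digest.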