[2230] in cryptography@c2.net mail archive


Re: DES, MMX, and FPGAs

daemon@ATHENA.MIT.EDU (Andreas Bogk)
Mon Mar 2 17:04:30 1998

Date: Mon, 2 Mar 1998 22:48:59 +0100
From: Andreas Bogk <andreas@telekom.artcom.de>
To: "Trei, Peter" <ptrei@securitydynamics.com>, cryptography@c2.net
In-Reply-To: <6B5344C210C7D011835C0000F8012766010035E7@exna01.securitydynamics.com>; from Trei, Peter on Mon, Mar 02, 1998 at 04:15:58PM -0500

On Mon, Mar 02, 1998 at 04:15:58PM -0500, Trei, Peter wrote:
> With a configurable chip, the software can calculate the
> subkey values once, and the data-processing circuitry
> can be optimized for those specific subkeys. This
> approach allows the subkey-scheduling hardware to be
> completely removed from the system. These

This is true if you are doing bulk encryption. For key search, you'll
have to do the key schedule. But that's not a great loss, it'll only
cost you flip-flops. And we're not short of them.

> There may be better ways; a lot of work has been done on s-box
> logic for Eli Biham's 'bitslice' DES algorithm, which may enable
> us to reduce the number of gates required quite substantially.

Bitslicing is only applicable to generic CPUs. On an FPGA, all you do
is on bit-level and parallel. Remember, DES was designed to be fast in
generic logic. And FPGAs are nearly generic logic.

> Wiener's key scheduling logic is very overcomplicated, and can be greatly
> simplified. You really only need a 56 bit latch at each round (I think I
> have the terminology correct)

I don't have the Wiener paper handy, but I don't see why the key schedule
should need anything besides 56 latches.

> We can win even more with reconfigurable logic by 'compiling in' parts
> of the key which change only slowly, and reloading the chip whenever they
> do change. This is similar to the approach in the above cited paper.

This doesn't win you much. The flip-flops aren't the limiting factor,
at least right now. And reloading the chip means recompiling the VHDL
code, and this takes long and is clumsy (Windoze GUI software, if you
have bad luck).

> > The FPGA I target with my implementation is the Altera FLEX10k100, which
> > has 4992 LEs and 5392 flip-flops (you'll need at least 120 per stage for
> > registers for data and key). That should fit.
> Wiener claims 2164 flip flops.

There are of course some additional registers for plaintext, ciphertext,
your key accumulator etc.

Andreas

-- 
Top ten reasons why SGI sucks, No. 2:
"Assertion failed in file "../../c++runtime/throw.cxx", line 841
Abort (core dumped)" -- IRIX 6.2 run time library
