[2552] in cryptography@c2.net mail archive
integrated encryption chip
daemon@ATHENA.MIT.EDU (Robert Hettinga)
Tue Apr 21 17:13:44 1998
Date: Mon, 20 Apr 1998 18:47:45 -0400
To: dcsb@ai.mit.edu, cryptography@c2.net, dbs@philodox.com
From: Robert Hettinga <rah@shipwright.com>
Ah. I see the first step towards "micromoney mitochondria" for routers has
happened. ;-).
Anyone know how many bits of 3DES they're talking about here?
Cheers,
Bob Hettinga
--- begin forwarded text
Date: Mon, 20 Apr 1998 18:12:58 -0400
From: Somebody
Subject: integrated encryption chip
To: rah@shipwright.com
MIME-version: 1.0
Bob --
I remember you asking me of feasibility of this about 2 years ago...
Note also colaboration twizt C|Net & Bloomberg -- I own CNWK.
---------------------------------------
Hi/fn ships 3-in-1 crypto chip
By Tim Clark
Staff Writer, CNET NEWS.COM
April 20, 1998, 1:35 p.m. PT
Aiming to accelerate virtual private networks (VPNs), chipmaker Hi/fn is
now shipping an encryption processor that combines compression, encryption,
and authentication on a single chip.
The security chip, called 7711 Encryption Processor, is designed for
routers and other networking equipment to compress and encrypt data without
using the device's main processor, thus improving performance and keeping
data moving faster.
Ascend Communications is already using the new chip, which was available in
test quantities in October, in its Max 6000 remote-access concentrator.
3Com is adding the 7711 processor to its NetBuilder router as an add-on
dual processing engine (DPE) to give companies virtual private network
capabilities and better performance on their existing networks.
Using a separate chip to compress and encrypt data lets a device handle
more concurrent sessions and provide VPN capabilities.
"Our chip increases throughput and the fastest encryption available," said
Steve High, Hi/fn's director of marketing communications. "Instead of
running on the main CPU of the router, encryption and compression are done
on our chip. That allows performance to keep up."
Other chips can encrypt or compress data and can be used in a multichip set
or as a hardware/software combination, in part because encryption
algorithms run faster on a chip than in software. Atalla, for example, a
unit of Tandem/Compaq, offers an encrypt/decrypt chip designed for handling
Internet card payments using the Secure Electronic Transactions (SET)
protocol.
But putting those functions on a single chip results in higher performance,
which is important for companies leasing high-speed T1 or T3 lines that
want to get the full use of the bandwidth. Otherwise that bandwidth is
reduced because a router can't keep up when it's both compressing and
encrypting data. Hi/fn is targeting routers, other network devices, and
VPNs as applications for its chips.
Larry Howard, vice president and analyst at Infonetics Research noted that
a commonly used encryption algorithm, Triple-DES, requires 50 to 100 times
more processing power than straight IP routing. For that reason, he said,
hardware-based VPN solutions provide a critical performance advantage.
Hi/fn's 7711 combines seven compression, encryption, and authentication
algorithm engines on a single chip: Lempel-Ziv-Stac (LZS) and Microsoft
Point-to-Point Compression (MPPC); DES, Triple-DES, and RC4 encryption; and
SHA and MD5 authentication. It also supports the IPSec, SSL/TLS, PPP, and
PPTP networking protocols.
A free 7711 reference design kit is available for manufacturers of routers,
switches, remote access concentrators, and other network equipment to
integrate the chip into their products. The 7711 costs $58 in quantities of
10,000, comes in a 144-pin TQFP package, and is pin-compatible with Hi/fn's
9711 compression coprocessor. It operates on a 3-V supply with a typical
power dissipation of 0.5 W, and all input and output pins are 5-V tolerant.
<somebody's .sig>
--- end forwarded text
-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/
