[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Can we kill single DES?



At 03:40 AM 10/2/96 +0000, attila wrote:

>
>        no, I certainly do not think hardware in particular is a bad 
>    idea.  
>
>.I assume 
>.that it would be generally straighforward to build a cracking chip that 
>.tries 10 million keys per second, with a great deal of internal parallelism 
>.and pipelining.  
>.
>
>.Now, THAT sounds like a real threat!
>
>        particulary if the design emphasizes unlimited linear extension!  
>
>.An even more ominous configuration would involve perhaps 50 
>.chips per full-length board, seven boards installed in a stripped-down  PC, 
>.which would produce a crack in 4 months average with one system alone.
>.
>        without a doubt, this is the best approach, but you will find
>    the chassis have a mix of ISA and PCI, or in some cases like I
>    specify, they will be EISA and PCI .   

It seems to me that very little communication over the ISA/PCI bus should be 
necessary.  If the Custom/FPGA/Whatever chips are reasonably self-managing, 
you'd just need to query them every second or so to see if they've found a 
solution yet.  (My WAG is that the chips would be initially set up to start 
checking at a particular key, with the decrypt done and the checking for 
equality with the target data done automatically.  If the data is the same 
as the target data, the processor would halt  (possibly setting some sort of 
daisy-chained interrupt?) and wait to be queried by the host processor.  
Otherwise it would increment the key, and try again at 10 million checks per 
second. The whole thing would probably be fully pipelined, for obvious 
reasons.)  

 Putting "N" such chips on a board should be quite doable, with an 
essentially unlimited expandability, possibly in large (10 by 10?  20 by 
20?) arrays, but then you couldn't install it directly as an ISA card.  
Admittedly this is all just trivial layout work, but as you pointed out it 
would be nice if the package was reasonably slick-looking.  Making a 
10-by-10-by-10(card) cube would be theatrical, if nothing else.  (as I 
understand it, immersing the whole thing in a vat of Freon to keep the chips 
cool and watching the thing bubble merrily away is great fun.)

Remember that part of this project may be to bring such a device to a 
Congressional hearing as a prop, and say that "this box can crack a DES 
encrypt in an average of 1.5 months" or something like that.


>        I know where there is a 20 slot PCI passive backplane in a 
>    rack mount for $350 and I think the vendor has P133 cards with 
>    either 128 or 512 M 72 pin slots.  512M is about 4,000 smackaroos
>    at this point.

I wouldn't imagine the power of the host computer would be at all relevant, 
however.  Right?  And DRAM requirements should be, well, fairly small.


>        PCI is much easier to interface than ISA and you have the bus
>    bandwidth to support the processor to co-processor transfer rates.

This confuses me.  Are you anticipating that the host processor would be 
doing a substantial amount of the work?

>        I'm not going to go through the mental masturbation of what DSPs
>    and FNGAs could manage in iterations/second until there is a firmer
>    design, but 350 chain/parallel or tiered chips sounds like it might
>    be more than 10% of the way to a terawhatever.


_IF_ the amount of handshaking needed from the host processor is extremely 
low, there is essentially no limit to how many such processors could be 
attached to even a low-power '386 or so. 


> 
>.So how would all this be done?  First, write a serious proposal for the 
>.project and circulate it among companies with fab capacity.
>
>        disagree, I would not even consider begging at the door of any
>    charitable fab until the design, and probably the layout, is in 
>    the can.  we might find it necessary to expand the trace depending
>    on the capabilities of the offered facilty, thereby by burning 
>    both more power, and reducing our yield per wafer.  
>
>        secondly, circulating a proposal among the hungry pack is
>    shopping around, which is almost always suicidal in raising money
>    and finding manufacturing partners.  they all know each other, and
>    you will end up with a "decision by commitee" and we know
>    committees are always formed to absolve the participants of blame
>    for failing to act, or whatever.

Well, I can't say I have any experience in the area of trying to stir up 
support for a project in this area, but I think it would at least be nice to 
know that there is a willing fab BEFORE the design is completed.  For one 
thing, fabs have small but significant differences in their capabilities.   
Two layers of poly and two of metal are probably more than enough to 
accomplish this, but taking advantage of greater capabilities wouldnt' be 
possible if the design had already been completed.  I'd sure hate to hear, 
"yeah, we can give you a two-layer-metal process, but your 3-layer metal 
design won't fit!"

BTW, I'm not rejecting the idea of using an FPGA.  Other people know a lot 
more about their current capabilities than I do, and if they know a modern 
FPGA will implement a DES crack, great.  The big advantage of an FPGA is 
that it is a relatively high-volume product and it shouldn't be hard to 
either get a donation of them or buy them for a reasonable price.  On the 
other hand, can they really implement all the internal logic required to 
crack DES?  A custom chip would make this trivial, I'd think.


>        on the other hand, I may personally have a rather strong 
>    distaste for selected reviewing, but it does give a taker some-
>    thing to crow about, that he was honoured to float this little 
>    package....  part of this is getting to the 'good-feeling' state
>    where the CEO thinks he will be a hero.

This may be another reason to shop around for the fab early.  Some people 
may be hard to convince, or perhaps they would be willing to help if they 
were given a certain number of months to plan.  

>
>.Likewise, find a politically-sympathetic designer with access to IC 
>.layout software, etc.
>
>        that, and determining what form or methodology will optimize
>    the design itself, are the two criticial first steps.  until that is 
>    resolved,  nothing should be done; and get a provisional layout
>    before finding the big sponser.  

I can see that figuring out the approximate size of the chip, as well as 
power consumption (defines the package, pin count, etc) is important.  


>.The way I see it, there has to be a huge amount of 
>.unused 0.5-0.7 micron IC capacity around the world.
>.
>        yes, in older fabs. but the < 1u lines are loaded as of the
>    August summary.

Maybe they're all busy building DRAMs!  Associated with that  80% drop in 
DRAM prices between January of this year and today, is what I've vaguely 
heard is an approximate doubling in part volume.  

>.Remember, we're only 
>.talking about a few hundred wafers.
>.
>        the real issue is a working prototype --if it's ready to go,
>    there should be no trouble persuading a fab to run a batch.
>    I think the Tylan and Therm etchers are loading about 100
>    six inch wafers and eight inch may be on line.  a six inch
>    wafer has 27 sqin total and depending on the size of the 
>    individual 
>
>.Anyway, the way I see it, you're probably going to burn up over a million 
>.dollars worth of ELECTRICITY alone on a single crack with Pentiums. 
>.
>        4500 machines for $1M per year power?

Well, let's see.  Assume we're talking 150 watts of power per computer, at a 
price of about 10 cents per kwh.  That's 3.6 kwh per day, or 36 cents per 
day.  This works out to about $131 per computer-year, or $591,000 of 
electricity for 4500 machines.  Okay, I was a little off, but you get the 
point.

Obviously, things would help out a bit if the monitor were turned off, or 
the hard drives were shut down, etc,  or you were in an area with cheaper 
electricity.


>.Maybe Microsoft would be willing to help?  After all, it is THEY who are 
>.going to be limited to DES-strength exports if things continue as they've 
>.been going.
>
>        you wish to hand over the project to Billy?  so all our good 
>    designers are shunted off into never-never land as Billy stands 
>    up in the spotlight and claims it was his brain, and the muscle he
>    created in MicroSlop, who proved his boot sector virus and pretty
>    programmer whupped the big bad government, who was trampling on
>    our rights?  
>
>            "I, and I mean 'I and my billions,' solved this trivial 
>            DES problem, and I, and I mean 'I,' am the champion of 
>            your god given rights as promised in the Bill of Rights."
>
>        count me out; Billy and Big Ears are a perfect pair, they think
>    they walk on the same water!  

Well, okay, but let's not burn our bridges too quick.
 

>.How about Intel?
>
>        well, at least Andy Grove would not pull a Bill Gates. however,
>    Grove and company are very bottom line oriented and turn around
>    has been proven to be pretty slow in most of their fab plants --but
>    they have a special section of engineering knock-up.   I believe 
>    both Silicon Gulch and Hillsboro have 'em. 


I suppose one possible problem with Intel is that most of their fabs are 
likely to be dedicated to extremely high-value parts, as opposed to 
garden-variety MOS.  



Jim Bell
[email protected]