[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RSA hardware


Lucky Green:
> The more I think about it, the less sense it makes to me to use a dedicated
> hardware accelerator. I have seen $3,000 hardware accelerators that are
> outperformed by a PP200. The nCipher device is excellent. 100 1024 bit RSA
> signing a minute for $5,000. How much would be a nice multi-processor Alpha
> that does about the same number of signings? Or just a stack 10 of Pentiums?
> Before buying an accelerator, make sure to do the math. Eric Young posted
> timings for various common CPU's a while back.

Keep in mind that there are metrics other than just keys per second for
comparison.  Often, hardware devices are certified RED/BLACK isolation
devices, TEMPEST certified, tamper-resistant, etc.  They are also usually
easier to maintain than software systems on GP hardware.

Also, the major consumers of such devices, the government/military, spend
a *lot* more on hardware/software/user maintenance than any cypherpunk.  Their
computers are usually TEMPEST certified, etc., so their curve is a lot
higher up.

Assuming efficient markets, the reason so few of these devices are sold
outside the military is that they're overpriced except for those in
the same situation as the military. though :)

I've been thinking of buying a wicked-fast FPGA prototyping board and
making my own coprocessor.  There are some really nice gate arrays, and
David Honig has some fairly wonderful plans for how to use them for
things like Blowfish, etc.  I've mainly concentrated on high-speed
symmetric ciphers, but they'd be applicable to RSA/DH, I believe.  For
one blowfish implementation, the limiting factor (assuming key setup
can be done efficiently) is the PCI bus, I think.
- -- 
Ryan Lackey
[email protected]

Version: 2.6.2