[Cryptech Core] capacity/performance numbers?

Rob Austein sra at hactrn.net
Wed Jun 15 18:17:25 UTC 2016


At Wed, 15 Jun 2016 15:15:37 +0000, Phil Roberts wrote:
> 
> Still, even in the context of doing alpha testing they would like to
> have some idea about what the capacity of the device is in terms of
> key storage.

The current numbers are not particularly meaningful.

We have a compiled in (changable at compile time) keystore size of 6
keys, which is enough for initial testing.  Fredrik has identified
some minor recoding that we need to do to the keystore code before we
will be able to support a significantly larger number of keys; this is
not a big deal, just not a terribly high priority at the moment.

We have, to date, made no effort whatsoever to squeeze stored keys
into the smallest possible number of bytes.

Ultimately, the size of the keystore is probably limited only by the
size of the flash one wants to devote to it.  Well, and search time,
right now we're using linear search, if we started dealing with
significant numbers of keys we'd need to do something more clever, but
this is Computer Science 101 stuff.

> And what the performance is in terms of signing operations (for
> DNSSEC).

We do not yet have anything concrete to report.  We are only just now
getting to the point where we hope to be able to run such tests.

Performance numbers on the Novena were not encouraging.  The Alpha has
a slower CPU but a faster FPGA, so the overall mix will likely change,
at least for RSA; ECDSA will likely change significantly once Pavel
completes his Verilog EC point multiplier, but we don't expect to have
that in time for Berlin.

> I've told them that I would get back to them as soon as we have
> something concrete to report.

Good answer.

> So I guess my question is whether we can say anything concrete at this stage,

No.

> or in what timeframe we will be able to say something?

We're peddling as fast as we can.


More information about the Core mailing list