[Cryptech Core] capacity/performance numbers?
Phil Roberts
roberts at isoc.org
Wed Jun 15 20:33:41 UTC 2016
Understood on all points.
I think that for the folks who are interested in testing in "something
like" an operational environment, a larger key store will be needed. I
don't think that entails a request for optimization of space.
I'll see if I can get a ballpark figure from the people who have asked
what would be meaningful for them, given the constraints they already know
about.
On 6/15/16, 1:17 PM, "Rob Austein" <sra at hactrn.net> wrote:
>At Wed, 15 Jun 2016 15:15:37 +0000, Phil Roberts wrote:
>>
>> Still, even in the context of doing alpha testing they would like to
>> have some idea about what the capacity of the device is in terms of
>> key storage.
>
>The current numbers are not particularly meaningful.
>
>We have a compiled-in (changeable at compile time) keystore size of 6
>keys, which is enough for initial testing. Fredrik has identified
>some minor recoding that we need to do to the keystore code before we
>will be able to support a significantly larger number of keys; this is
>not a big deal, just not a terribly high priority at the moment.
>
>We have, to date, made no effort whatsoever to squeeze stored keys
>into the smallest possible number of bytes.
>
>Ultimately, the size of the keystore is probably limited only by the
>size of the flash one wants to devote to it. Well, and search time,
>right now we're using linear search, if we started dealing with
>significant numbers of keys we'd need to do something more clever, but
>this is Computer Science 101 stuff.
>
>> And what the performance is in terms of signing operations (for
>> DNSSEC).
>
>We do not yet have anything concrete to report. We are only just now
>getting to the point where we hope to be able to run such tests.
>
>Performance numbers on the Novena were not encouraging. The Alpha has
>a slower CPU but a faster FPGA, so the overall mix will likely change,
>at least for RSA; ECDSA will likely change significantly once Pavel
>completes his Verilog EC point multiplier, but we don't expect to have
>that in time for Berlin.
>
>> I've told them that I would get back to them as soon as we have
>> something concrete to report.
>
>Good answer.
>
>> So I guess my question is whether we can say anything concrete at this
>> stage,
>
>No.
>
>> or in what timeframe we will be able to say something?
>
>We're pedaling as fast as we can.