[Cryptech Tech] trng ready for play

Bernd Paysan bernd at net2o.de
Fri Oct 17 19:18:06 UTC 2014


On Friday, 17 October 2014, 08:51:52 Joachim Strömbergson wrote:
> The point is - we can build a HSM, an embedded, dedicated, hard wired
> and (hopefully) secure system that even in low cost implementation can
> deliver high quality random number at Gbps performance. And by
> instantiating more cores (and thus increasing cost) can scale the
> performance above what you can achieve with CPU cores.

Yes, but you need quite expensive interfaces like PCI express to actually get 
the data out at rates which are faster than CPU cores creating randomness 
themselves.

> You will not for example achieve similar performance running on the ARM
> cores in the CPU on the Novena board.
> 
> If you want to build a system that does Tbps random generation using a
> 32-core x86-64 CPU or even using multiple CPUs then yes, it is quite
> possible. But I'm not so sure it will be considered a HSM.

Certainly not.  The idea of a HSM IMHO is that you keep those parts of the 
crypto system in a small, auditable, tamper-proof device, which are sensitive, 
and those parts which can't be done well in software.

IMHO the part where the hardware shines and is irreplaceable is the entropy 
part - that's the one you can't do in software alone.  Creating tons of 
deterministic random numbers is something hardware can do faster than 
software, but software is quite capable of doing it (therefore, for this part, 
only the performance advantage of the hardware is an argument), but then, you 
need the hardware in the right place - best inside the CPU core, with access 
to the caches.  I'd love to have a Keccak primitive in a CPU core with 1 cycle 
per round, giving about 5 bytes per cycle...

The Novena board is a bit atypical - here, we put the HSM into an expensive 
FPGA which has a high-bandwidth (for the given value of "high" - it's an ARM-
based SoC) connection to the rest of the system.  There, the performance 
advantage of the hardware is actually worth having it.

-- 
Bernd Paysan
"If you want it done right, you have to do it yourself"
http://bernd-paysan.de/
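The split argued above (hardware only for entropy, deterministic expansion done in software with a Keccak-family sponge), as an added example that is not code from the thread or from the Cryptech project. It assumes a hypothetical `entropy_source(n)` callback standing in for the HSM's TRNG, uses SHAKE256 as the Keccak primitive, and computes the squeeze throughput for a permutation clocked at one cycle per round.

```python
"""Entropy from hardware, expansion in software: a SHAKE256-based DRNG."""
import hashlib

KECCAK_ROUNDS = 24          # Keccak-f[1600] has 24 rounds
SHAKE256_RATE_BITS = 1088   # SHAKE256 sponge rate (capacity 512)


def bytes_per_cycle(rate_bits=SHAKE256_RATE_BITS, cycles_per_round=1):
    """Squeezed bytes per clock cycle: one rate block per permutation,
    one permutation per KECCAK_ROUNDS * cycles_per_round cycles."""
    return rate_bits / 8 / (KECCAK_ROUNDS * cycles_per_round)


class SpongeDRNG:
    """Deterministic expander seeded from a (hypothetical) hardware TRNG.

    entropy_source(n) stands in for the HSM entropy core and must return
    n bytes of raw entropy; everything below this line is plain software."""

    def __init__(self, entropy_source, seed_bytes=32, reseed_after=1 << 20):
        self._source = entropy_source
        self._seed_bytes = seed_bytes
        self._reseed_after = reseed_after
        self._key = b""
        self._since_reseed = reseed_after   # forces a seed on first use

    def _reseed(self):
        fresh = self._source(self._seed_bytes)
        if len(fresh) != self._seed_bytes:
            # never keep running on a dead or short-reading entropy source
            raise RuntimeError("entropy source failed")
        # absorb old key plus fresh entropy; mixing in new entropy never
        # lowers the quality of the state, it can only improve it
        self._key = hashlib.shake_256(b"reseed" + self._key + fresh).digest(32)
        self._since_reseed = 0

    def read(self, n):
        """Return n pseudorandom bytes, reseeding from hardware as needed."""
        if self._since_reseed >= self._reseed_after:
            self._reseed()
        # squeeze n + 32 bytes: the first 32 replace the key so earlier
        # output cannot be recovered from a later state, the rest is output
        stream = hashlib.shake_256(b"squeeze" + self._key).digest(n + 32)
        self._key, out = stream[:32], stream[32:]
        self._since_reseed += n
        return out
```

With the SHAKE256 rate and one cycle per round the squeeze rate works out to about 5.7 bytes per cycle, which is where the "about 5 bytes per cycle" figure comes from.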