[Cryptech Tech] trng ready for play

Joachim Strömbergson joachim at secworks.se
Sat Oct 18 06:36:05 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Bernd Paysan wrote:
> Yes, but you need quite expensive interfaces like PCI express to
> actually get the data out at rates which are faster than CPU cores
> creating randomness themselves.

I'm actually not that worried about price at 10+ Gbps speeds, anybody
that have those demands probably has the budget for it. PCIe is one
option. Network interfaces (10GbE, 40GbEa etc) are another. But we are
talking about boards in 1kUSD - 10kUSD range if you want to buy a ready
made board. This one I really liked:

http://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=158&No=856

PCIex8 and a big FPGA with plenty of external memory to run both
HW-accelerators and a complete CPU with SW for control.

One of the later NetFPGA boards can provide both PCIe as well as
flexible high performance network I/O via SFP+ cages.

http://netfpga.org/2014/#/

What I think is an important aspect of the Cryptech project is the
ability to scale to meet different demands. That is why i stress that
the design we have in the TRNG allows us to scale from low cost but
still good performance up to basically arbitrarily high speeds.

How would you do scaling to Tbps performance using SHA-3/Keccak as a
PRNG? - Tree hash based? Or multiple instances seeded with their own seed?


> I'd love to have a Keccak primitive in a CPU core with 1 cycle per
> round, giving about 5 bytes per cycle...

Which would be slower than running ChaCha in SW for long sequences. ;-)

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJUQgpVAAoJEF3cfFQkIuyNRowQANWJwDVyZQ5Gzcig9GFK/sIl
sDXdqZPshjpaoDUVXCwSYY8sFtgBPhCsOed0NrWRBLT0mw1sPDGIuv1JL2YFvBLJ
bEfMteXbWlB9Wg/Kx6CeGXB+GOnv2Gb3c8UT5iHi4bEjpqMkVxGoQYCeN1Ibee+w
om/8XqaorqH7TV2q2/PfgHoGWn9R1l3dJuFAZ9QOKuC0zQGWLZbCbhRjVN/HAvMv
GJCxW1a5Fk9IsmFafmORNx9F0BODPWXe4A9lXGZ4hQKz+z867FpkiI+HV1ir9HtL
dQkYdBfh/bhHZ70mFBB/Nt9eO09BbQ6tdVZgLSdb7zTpN7h40kJXESRt8ulsnX1X
Yw0we2b1gOKv7SdtYH7ZLTLcqUOSG1kd/XFuDnZZlSqEjliKQzyKNHdnELJAZN2b
k9NzftSvbZiSd5g83WISFSjnP/GABngjvUrDaA8T5NNejAYB7dbvInXsXYcJJIdj
9mSGUvh5ZIVCeoONA+MJicITju9OOELRinOJiyuY4LP5Xk3pMU0fiBFGYE/YJMTA
iHlSFxgy7cD2vFA/9r3Kj53jyhO30VrKc4iZXE8ev5lwqXO35KCszDmMZXR0n5CN
wn3RMcBjzylcEsIOTFYmAZC7p8FcjeNdStdrN7JvTSOo5d9gmVFLAKirMUSxu/zJ
IQuNcGSYxWZtp+cU9cao
=Xasy
-----END PGP SIGNATURE-----


More information about the Tech mailing list