[Cryptech Tech] Working memory on HSM for decrypted private key components?

Pavel Shatov meisterpaul1 at yandex.ru
Fri Dec 18 10:33:37 UTC 2015


On 16.12.2015 15:42, Joachim Strömbergson wrote:
>>> The whole keywrap mechanism could be implemented in the FPGA which
>>> would mean that keys are only used in the FPGA and not exposed in
>>> cleartext.
>>>
>>> But, at least for RSA keys, the CPU needs to be involved in order
>>> to generate them.
>>
>> Yeah, Pavel and I are both skeptical about implementing Miller-Rabin
>> in Verilog.
>
> You are not alone. The easiest way imho would be to insert a small,
> constrained CPU core and add the alg in SW for it. But that CPU would be
> fairly inefficient and only run at, say, 100 MHz. (Could be faster
> depending on core used.)

Agree.

>> You'd need a path from the private key generator to the point
>> multiplier.
>
> Yes, which however is not very hard to do. The big consequence with all
> these things is that the FPGA starts moving from a collection of
> co-processor cores that SW can call to something that does things
> independently. We would add some sort of internal controller,
> arbitration (for handling/stalling commands from the CPU when the FPGA
> is using the resources by itself.)

You are right, this will kind of change the paradigm for FPGA from "just 
a collection of hardware helper cores, that the main processor can use" 
to something more complicated.


--
With best regards,
Pavel Shatov

