[Cryptech Tech] Draft Requirements

[Peter Gutmann]

Warren Kumari <warren at kumari.net> writes:

>Some nits:

Further nits: Missing use cases are email (PGP/SMIME), 1-2 private keys and
many, many publics, and secure sessions (SSL/TLS/SSH), 1-2 private keys and
numerous publics.

A more serious problem is the per-key storage requirements, which are, um,
nowhere near reality.  For RSA you need storage for n, e, p, d, q, u, e1, and
e2, and depending on how you implement it (whether you just expose a single
"modexp" outside the FPGA or lower-level primitives that you have to compose
yourself) for an n-bit key you need storage of 2n for most components, 4n for
some, and about 45 temporaries.  For ECC algorithms you need qx, qy, d, p, a,
b, gx, gy, n, and h, and so many dynamically-allocated temporaties 80, 100, or
more) that I've never bothered trying to track them all.

For now I wouldn't even try and estimate this, just assume you need Some
Memory and then wait until you've got the implementation sorted out to see
what that is.

Peter.