[Cryptech Tech] Draft Requirements

Basil Dolmatov dol at reedcat.net
Sat Feb 21 07:29:20 UTC 2015


There is not the slightest need to store keys inside the FPGA.
Keys must be stored inside the tamper boundary. It is not the same.

dol@ from iPad

> On 21 Feb 2015, at 5:11, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> 
> Warren Kumari <warren at kumari.net> writes:
> 
>> Some nits:
> 
> Further nits: Missing use cases are email (PGP/SMIME), 1-2 private keys and
> many, many publics, and secure sessions (SSL/TLS/SSH), 1-2 private keys and
> numerous publics.
> 
> A more serious problem is the per-key storage requirements, which are, um,
> nowhere near reality.  For RSA you need storage for n, e, p, d, q, u, e1, and
> e2, and depending on how you implement it (whether you just expose a single
> "modexp" outside the FPGA or lower-level primitives that you have to compose
> yourself) for an n-bit key you need storage of 2n for most components, 4n for
> some, and about 45 temporaries.  For ECC algorithms you need qx, qy, d, p, a,
> b, gx, gy, n, and h, and so many dynamically-allocated temporaries (80, 100, or
> more) that I've never bothered trying to track them all.
> 
> For now I wouldn't even try and estimate this, just assume you need Some
> Memory and then wait until you've got the implementation sorted out to see
> what that is.
> 
> Peter.
> _______________________________________________
> Tech mailing list
> Tech at cryptech.is
> https://lists.cryptech.is/listinfo/tech

