[Cryptech Tech] Draft Requirements

[Peter Gutmann]

Joachim Strömbergson <joachim at secworks.se> writes:

>Would meeting these requirements differ a lot in terms of algorithms, storage
>and performance?

Not really, but it might be good to list them to prevent other people coming
along and asking "what about ...".

>Why do you need to keep p and q after generating the public and secret keys?

For the CRT shortcut.  You don't need d, but you need p and q and the other
CRT components.

>Lets see if I follow you here. I generated a EC key pair for P-256 and looked
>at the keys. Since the actual curve parameters are specified, do you really
>keep anything else besides the private and public key? For P-256 that is 32
>bytes private and 64 bytes public key (x and y).

You'll need the other parameters in order to do anything with the public or
private keys.  So you don't need to store them, but you do need to
load/instantiate them when you use a public or private key.

>The amount of temporary storage is figured out during implementation of the
>cores. But they are not part of the requirement estimates. Having an estimate
>of how much space an unwrapped key of a certain type is good to have since it
>gives feedback on things like working set, internal memory requirements in the
>FPGA etc. Imho.

I'm not sure though, without having an implementation available, how easy
it'll be to make an estimate.  For example just a simple high-level question
of whether you do CRT-RSA or not will change the storage requirements, and
then there's lots of levels below that which will affect storage.

Peter.