[Cryptech Tech] Key wrap in HW

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Jun 25 12:26:28 UTC 2018

Joachim Strömbergson <joachim.strombergson at assured.se> writes:

>Almost 5000 bytes for a 8192 bit key. That is 4.5x more data and the key
>length in bits.

You could use the PKCS #15 format, which is more sensible, it only stores the
components you need to store.  So depending on the amount of recomputation you
can handle you could only store p+q.

>Divided into 64 bit blocks on which the key wrap operates, that is 585
>blocks. Each block is transferred 12 times between the MCU and the FPGA (if
>one counts the cipher text for the block to be the same block). And for each
>transfer there is a spin-wait for the AES core to signal ready after
>processing the block. I think there is an opportunity to improve matters

Is that specific to the NIST wrap mechanism or an issue with the HW in
general?  For PKCS #15 it's just AES-CBC with an HMAC around it, so presumably
a single operation, or at least one for AES over a block of memory and a
second for the HMAC over the same block.


More information about the Tech mailing list