[Cryptech Tech] Key wrap in HW
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Jun 25 12:26:28 UTC 2018
Joachim Strömbergson <joachim.strombergson at assured.se> writes:
>Almost 5000 bytes for a 8192 bit key. That is 4.5x more data and the key
>length in bits.
You could use the PKCS #15 format, which is more sensible, it only stores the
components you need to store. So depending on the amount of recomputation you
can handle you could only store p+q.
>Divided into 64 bit blocks on which the key wrap operates, that is 585
>blocks. Each block is transferred 12 times between the MCU and the FPGA (if
>one counts the cipher text for the block to be the same block). And for each
>transfer there is a spin-wait for the AES core to signal ready after
>processing the block. I think there is an opportunity to improve matters
>here.
Is that specific to the NIST wrap mechanism or an issue with the HW in
general? For PKCS #15 it's just AES-CBC with an HMAC around it, so presumably
a single operation, or at least one for AES over a block of memory and a
second for the HMAC over the same block.
Peter.
More information about the Tech
mailing list