[Cryptech Tech] Happier RSA timing numbers

Joachim Strömbergson joachim.strombergson at assured.se
Sat May 19 05:38:37 UTC 2018



Aloha!

Rob Austein wrote:
> I think that [7] answers your question to the extent that the
> current profiling code is going to be able to do so: out of the 258
> total seconds we spent fetching from the keystore, we spent about 20
> on FMC write, 18 on FMC read, and 98 twiddling our thumbs waiting for
> the AES core.

Ok, so this is highly interesting. You mention below that there might
have been more than one AES core. But for the sake of analysis, let's see
if we can improve the performance.

I can build a modified version of the AES core with 16 Sboxes. This
should cut those 98 seconds to 25 or so. That is fairly easy to do and I
can start doing that on Tuesday. Ok?

I think this is way more important to spend time on than the FPGA based
master key memory.

One thing I haven't considered is how key expansion is done. Today the
key expansion is triggered when performing an "init" of the core. Since
the core is ECB you should only need to do "init" when you really are
changing keys in the keywrap.

Can you check when and how often you pull "init"?

BTW: My memory fails me, which keywrap are we using - SIV or NIST
AES-keywrap SP 800-38F (also in RFC 3394, if I'm not mistaken)?

-- 
Kind regards, Yours

Joachim Strömbergson - Assured AB
========================================================================


