[Cryptech Tech] Happier RSA timing numbers

Joachim Strömbergson joachim.strombergson at assured.se
Tue May 22 07:30:28 UTC 2018

Previous message (by thread): [Cryptech Tech] Happier RSA timing numbers
Next message (by thread): [Cryptech Tech] Happier RSA timing numbers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Joachim Strömbergson wrote:
> Aloha!
> 
> Rob Austein wrote:
>> For future reference: a branch of the existing aes repository
>> would have been much simpler to test than a whole new repository.
> 
> I did considered that, but decided that having two separate cores
> with different architectures would be much less confusing.

To clarify: I expected that the aes core optimized for speed would be so
much larger (in terms of resources used) that we would never merge it
into the normal aes core. My experience is that having two quite
different architectures and designs in the same repo in different
branches that never merge will lead to confusion. Normally the one not
being the master will be lost, forgotten, not found etc. Even if you try
to be very explicit in branch naming, documentation etc.

But I have now done some synthesis runs of the aes_speed core and
compared it to the normal aes core. I think that we could consider
replacing the aes core with aes_speed.

Results for Xilinx Artix7-t200.

Old core (aes)
- - 2102 slices
- - 2991 regs
- - 113 MHz (8.79ns)

New core (aes_speed)
- - 2019 slices
- - 2984 regs
- - 131 MHz. (7.58ns)

The better clock speed and a few less registers isn't surprising. A
couple of MUXes to provide S-box sharing within the encipher path and
between encipher and key expansion has been removed.

But the number of slices is a bit surprising. The mapping tool seems to
do a great job mapping the S-boxes. For reference, I've done a similar
modification of the AES core for an ASIC-implementation, and there we
could see an increase in cells as the number of S-boxes increased.

So, we need to test the AES core in the actual FPGA. If it works we
should probably replace the old aes core with the design in aes_speed.

One thing I will do right away is to further optimize performance and do
cycle measurements between aes and aes_speed.

This is fun!
- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Assured AB
========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJbA8cUAAoJEF3cfFQkIuyNsyAP/1/wPJ1FrZn4c5mjhG2q5Tkm
7p2sFm/8ms76dGlKf2IEze2BXxYaOKIJIMJkKZmQTaNruG+8rJv60ieTSsqT1l27
0TOkSFy83CRamRxLhRj+ZVNhf+SEpC2Ui5mBcM8pL/b9Mh4Hz0rO3kTB7IFZj5gi
HmNNRKMjMoi41+7mRpXI4lCBoYpvZkZ5xUmPlXHgAIYRZHkWZmjMEjDuE2P/zm2E
/T5AUsSHYafM8vQHQKZrQoxRwnULigsuluJYqRqPKi9IZjfyHvbl2V+YUFotWv/f
PBFTZcyKVD/V35EV1S8xWPx1Ovy74hnZobn3WnCeq0TYgnJLEanRaiVuvMImoWRU
a39+sDhUVFTEkVDl66FGuZYMs1nOeVqXkVspeyONyfWb5OpPUIRph36taqUma0/0
LfhH88xnpkUWILr0wpmeyW9kyidnbzDIdBNjWFSEhEIbMW0cQ8TO/01HWgKNKP3t
5FLvwIQQKP6cqmnX2cIZgDPOj5YsmZwtrXufFSoKMMoUJ6BMnrthq05cBua7LD1w
+El3XyfJuwkOvzXH3AWgRXYfXgEB3W2tZossvUpylvgHO4wXkIwWNGjLudjmjKiz
2Apxw0j7vTyardX1oGKQ7V13U0sy/4fNa0PkIvyGakIvGqT0Lt3db1zl+qyxQYsf
o3mY/MSQNkGkYECNaUgH
=cS/5
-----END PGP SIGNATURE-----

Previous message (by thread): [Cryptech Tech] Happier RSA timing numbers
Next message (by thread): [Cryptech Tech] Happier RSA timing numbers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Tech mailing list