From paul at psgd.org Tue Apr 9 20:22:17 2019 From: paul at psgd.org (Paul Selkirk) Date: Tue, 9 Apr 2019 16:22:17 -0400 Subject: [Cryptech Tech] new binary packages Message-ID: <548da0eb-6954-6d9e-4c8a-054f95cc5c02@psgd.org> New binary packages have been generated for Debian Stretch (9) and Ubuntu Bionic (18.04) in addition to the previous Debian Jessie (8), Ubuntu Xenial (16.04), and MacOS Homebrew. I have installed on Ubuntu Cosmic (18.10), and it passes libhal and pkcs11 unit tests. - The primary feature of this release is merging the fmc_clk_60mhz branches to master, so that the FMC bus and the FPGA cores run at the same frequency. The actual work was done a while ago, but is now considered stable enough to put into production. This alone is good for about a 12% boost in RSA signing speed. The ultimate goal is to run both the bus and the cores at 90mhz, but that's proving a harder nut to crack. And 60mhz proves the concept, boosts performance, and simplifies the code at the same time. - Along with this, I moved byte-swapping from software to hardware. The STM32 processor is little-endian, while the FPGA register interface is effectively big-endian. Changing the FPGA register interface to little-endian allows us to move data back and forth with memcpy. The actual performance boost is negligible (0.3%), but it does simplify the code. And as long as we're doing a flag-day change to the bitstream, we might as well do two. - Another major feature that got swept up in this is support for export and import of hashsig keys. I'll do a fuller write-up of that, but the idea is this: Hashsig keys can only sign a limited number of messages, so the process of exporting a key partitions the keyspace between the original key and the exported key. So two signers can use different sets of one-time signing keys, while still being verified with the same public key. - And some other bits of cleanup. NOTE: Even more so than in previous releases, you MUST update BOTH the bitstream and the firmware, since they need to agree on the speed and endian-ness of the FMC bus. Updated installation instructions in the same place as always: https://wiki.cryptech.is/wiki/BinaryPackages paul