[Cryptech Tech] new binary packages

Paul Selkirk paul at psgd.org
Tue Apr 9 20:22:17 UTC 2019


New binary packages have been generated for Debian Stretch (9) and
Ubuntu Bionic (18.04) in addition to the previous Debian Jessie (8),
Ubuntu Xenial (16.04), and MacOS Homebrew.

I have installed on Ubuntu Cosmic (18.10), and it passes libhal and
pkcs11 unit tests.

- The primary feature of this release is merging the fmc_clk_60mhz
branches to master, so that the FMC bus and the FPGA cores run at the
same frequency. The actual work was done a while ago, but is now
considered stable enough to put into production. This alone is good for
about a 12% boost in RSA signing speed.

The ultimate goal is to run both the bus and the cores at 90mhz, but
that's proving a harder nut to crack. And 60mhz proves the concept,
boosts performance, and simplifies the code at the same time.

- Along with this, I moved byte-swapping from software to hardware. The
STM32 processor is little-endian, while the FPGA register interface is
effectively big-endian. Changing the FPGA register interface to
little-endian allows us to move data back and forth with memcpy. The
actual performance boost is negligible (0.3%), but it does simplify the
code. And as long as we're doing a flag-day change to the bitstream, we
might as well do two.

- Another major feature that got swept up in this is support for export
and import of hashsig keys. I'll do a fuller write-up of that, but the
idea is this: Hashsig keys can only sign a limited number of messages,
so the process of exporting a key partitions the keyspace between the
original key and the exported key. So two signers can use different sets
of one-time signing keys, while still being verified with the same
public key.

- And some other bits of cleanup.

NOTE: Even more so than in previous releases, you MUST update BOTH the
bitstream and the firmware, since they need to agree on the speed and
endian-ness of the FMC bus.

Updated installation instructions in the same place as always:
https://wiki.cryptech.is/wiki/BinaryPackages

				paul


More information about the Tech mailing list