[Cryptech Tech] Support for 8192-bit RSA keys
meisterpaul1 at yandex.ru
Mon Mar 25 12:44:46 UTC 2019
I've been working on a faster ModExp core with built-in blinding and CRT
support. I initially wrote a reference math model that mimics how an
FPGA does the computation so that I can later debug Verilog. I then
started working on HDL code for a pipelined modular multiplier and
stumbled upon the following problem.
Our FPGA (Xilinx Artix-7) has internal structure where next to each
hardware multiplier there's a chunk of block memory. Each chunk is 16
kilobits [to be precise, each chunk is 18 kilobits because the data bus
is 18 not 16 bits wide, those two extra bits can be used for eg. parity,
but that's not relevant here, since we anyway only have 1024 words]. Now
for the modular multiplier to work each chunk must simultaneously hold
three quantities that are as large as the modulus. For 4096-bit keys
those amount to 12 kilobits and fit nicely into the block.
Unfortunately, for 8192-bit keys there's enough space.
Now I'm trying to figure out whether there's any real chance someone
will want to operate on 8192-bit keys. My understanding is that since
our primary use case is a DNSSEC signer, we're mostly dealing with 1024-
and 2048-bit keys. Any thoughts?
With best regards,
More information about the Tech