[Cryptech Tech] Support for 8192-bit RSA keys

Pavel Shatov meisterpaul1 at yandex.ru
Mon Mar 25 12:44:46 UTC 2019


I've been working on a faster ModExp core with built-in blinding and CRT 
support. I initially wrote a reference math model that mimics how an 
FPGA does the computation so that I can later debug Verilog. I then 
started working on HDL code for a pipelined modular multiplier and 
stumbled upon the following problem.

Our FPGA (Xilinx Artix-7) has internal structure where next to each 
hardware multiplier there's a chunk of block memory. Each chunk is 16 
kilobits [to be precise, each chunk is 18 kilobits because the data bus 
is 18 not 16 bits wide, those two extra bits can be used for eg. parity, 
but that's not relevant here, since we anyway only have 1024 words]. Now 
for the modular multiplier to work each chunk must simultaneously hold 
three quantities that are as large as the modulus. For 4096-bit keys 
those amount to 12 kilobits and fit nicely into the block. 
Unfortunately, for 8192-bit keys there's enough space.

Now I'm trying to figure out whether there's any real chance someone 
will want to operate on 8192-bit keys. My understanding is that since 
our primary use case is a DNSSEC signer, we're mostly dealing with 1024- 
and 2048-bit keys. Any thoughts?

With best regards,
Pavel Shatov

More information about the Tech mailing list