[Cryptech Tech] Support for 8192-bit RSA keys

Leif Johansson leifj at sunet.se
Mon Mar 25 13:06:52 UTC 2019



Skickat från min iPhone

> 25 mars 2019 kl. 13:44 skrev Pavel Shatov <meisterpaul1 at yandex.ru>:
> 
> Hi,
> 
> I've been working on a faster ModExp core with built-in blinding and CRT support. I initially wrote a reference math model that mimics how an FPGA does the computation so that I can later debug Verilog. I then started working on HDL code for a pipelined modular multiplier and stumbled upon the following problem.
> 
> Our FPGA (Xilinx Artix-7) has internal structure where next to each hardware multiplier there's a chunk of block memory. Each chunk is 16 kilobits [to be precise, each chunk is 18 kilobits because the data bus is 18 not 16 bits wide, those two extra bits can be used for eg. parity, but that's not relevant here, since we anyway only have 1024 words]. Now for the modular multiplier to work each chunk must simultaneously hold three quantities that are as large as the modulus. For 4096-bit keys those amount to 12 kilobits and fit nicely into the block. Unfortunately, for 8192-bit keys there's enough space.
> 
> Now I'm trying to figure out whether there's any real chance someone will want to operate on 8192-bit keys. My understanding is that since our primary use case is a DNSSEC signer, we're mostly dealing with 1024- and 2048-bit keys. Any thoughts?
> 

I think it unlikely.

> 
> -- 
> With best regards,
> Pavel Shatov
> _______________________________________________
> Tech mailing list
> Tech at cryptech.is
> https://lists.cryptech.is/listinfo/tech


More information about the Tech mailing list