Hi Tim On 6/04/2011, at 12:41 PM, Timothy Goddard wrote:
Hi Jay,
Your question here well and truly distracted me for a while - have played with both RSA and hardware design in FPGAs before but hadn't thought of combining. After looking in to it, the reality is that RSA signing is insanely expensive - IMHO already about as cheap as it's going to get any time soon.
A single 1024 bit signature requires an average of 1536 1024x1024-bit multiplications, up to 2048 if using path-independent code to prevent timing attacks. A 1024x1024 multiplication can be built up by accumulating the result of 1024 32x32 bit multiplications. That load can be divided between a number of multiplication units, but we're still talking 1,572,864 32-bit multiplications per signature. That's even before you add the modulo operation at the end of each of the 1024 bit multiplications.
Tried to work out how much I could get out of an FPGA here. The one I have could probably handle about 150 signatures/second with its multipliers assuming optimal conditions. Top of the line FPGAs could do 5000 or so in a $1.5k acceleration card.
Absolutely fascinating. I'll talk more offline about that.
HSMs are expensive for a reason. $5k a unit entirely reasonable for that sort of specialised hardware. If much more than that, you should start asking questions.
Basic models start at around $15k and some suppliers go well north of that. ta Jay
Cheers,
Tim
On Tuesday 05 April 2011 09:50:00 Jay Daley wrote:
Hi
Is there anyone out there, academics perhaps, developing new crypto accelerator/HSM hardware with a focus on high performance (e.g. 10k+ RSA sigs per second)? The current market is pretty poor with largely over-priced and under-performing kit and I'm hoping that someone is plotting to revolutionise it with something new and looking for a partner.
cheers Jay
-- Jay Daley Chief Executive .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 931 6977 mobile: +64 21 678840