Slashdot Mirror
Students Develop Open Crypto Chip
Stuttgart students develop crypto chip
The eight head team "pg99" at the computer science dept of stuttgart university under guidance from Dipl-Ing Gundolf Kiefer has developed a complete crypto chip, which can do RSA (768 bit) and DES. With DES, with is intended for large data volumes, the chip can to 168 MBit/sec. The higher level RSA is being used mainly for DES key exchange, for authentication and for digital signatures. The chip will to ~50 keys/sec in RSA. Communication with the environment can be done via a parallel interface (8, 16 or 32 bit) or via two-wire I2C bis, which can be found on many current motherboards (Intel calls this SMB).
The 100,000 gate chip will be produced by Alcatel in 0.35 m technology (compare this to the 134,000 gates in an 80286). Officially the chip will be unveiled at the 8th of July at the computer science faculty, where the VHDL source of the design will be made availabe as Open Source.
If the context switch between RSA and DES isnt prohibitive you could send a new key via RSA a couple of times per second without breaking a sweat.
Firstly, and off-topic, no one in their right mind outside of Lower Slobovia thought the earth was flat. That's why the ancient Greeks (Aristhosthenes? Pythagoras?) were able to estimate the circumference of the earth to within a couple of kilometres using simple trigonometry.
The fact is that people's outlooks change. We /think/ that people thought the earth was flat, and now it's a general assumption - but untrue for the large part. No one thought to write in the inalienable right to privacy in the US' Constitution because no one ever tried to take it from them. It was a part of their lives, and no one would have *use* for these things.
In this day and age, privacy becomes very important -- and yet, the US is trying to take it away from the entire world - especially its citizens - with projects like ECHELON. It's about time that their constitution got changed to make privacy a right, the same way they have the inalienable right to bear arms (another thing which has changed over the years. "I have to defend myself against the King of England!" (Sorry, don't remember the exact quote from the Simpsons.))
A stream cipher like RC4 can encrypt and decrypt data faster than you can read it from your hard drive. A modern processor can do a public key operation in fractions of a second. Few applications need public key crypto, perhaps only very heavily loaded secure servers. Almost no-one needs secret key (eg DES) in hardware: maybe only routers.
For most of us, such a chip wouldn't make anything we do noticeably faster or more secure.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
Xenu loves you!
Whoops, of course millions of things need public key, but they don't need hardware acceleration. Damn those thinkoes.
There's special hardware designed to keep your secret keys more secure, now, but that's a different matter.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
Xenu loves you!
The way I am reading this is that this device will be designed to [(en)(de)]crypt data transmitted via any type of communication link. This would work very nicely with a cellular/wireless communication link. [(en)(de)]crypttion can then be done in hardware in real time saving much valuable CPU resources. It could also be used for VPN's in the near future as better security.
While this chip is cute, and smartcard manufacturers have been making strides in putting good crypto functions into the cards, there is the big dark cloud of differential power analysis hanging over their heads that they have not dealt with yet. Basically a determined attacker can rip the secret keys from smart cards in a _very_ short period of time by observing power draws while the card is in use (i.e. the old "one" uses more power than "zero" problem.) Until this problem is dealt with anyone who uses a smartcard for crypto is just adding features for a marketting brochure and not adding any real security.
This sure flys against RMS's article
of just two days ago! He was saying
that he didn't see it as reasonable
to GPL hardware cause it's too
expensive.
Well - what about GPLing the DESIGN!
Sheesh
All the more power to these guys..
Steve
Have you compiled your kernel today??
What's stopping you from having three of these chips, do to Triple DES at the full rate that one chip does DES?
(Ok, other than cost and board real-estate...)
--Joe--
Program Intellivision!
Now that gives me the privacy heebee geebees. (Someone, go moderate up the parent to this post.)
I hope that anonymizers start playing a more prominent role in such a society, otherwise requiring cryptographically strong signatures on everything will become a rather effective tool for oppression.
Of course, such a system will only really work if people protect their digital signatures much better than anything else they currently protect. For goodness sakes, our ATM accounts are protected by a 4-digit PIN, and my credit cards are protected by my mother's maiden name. *sheesh* Then again, if we're forced to use biometric data gathered with standardized, regulated machines in order to generate digital signature data, a digital signature is as good as or better than a fingerprint.
--Joe--
Program Intellivision!
Well, the device does DES and RSA, implying there's alot of good communications infrastructure, and that the encryption cores themselves are largely decoupled from the rest of the design. At least, that's what I'd hope they did, since it would make the part more valuable overall: You could plop the encryption cores into other chips that had different communication requirements easily, and you could drop different encryption cores into this chip easily.
If that's the case, then we can reuse all the communication bits, and replace the DES core with an RC5 key-crunching core. This is alot like the way d.net clients share the most of the same block management and network communication code between the DES and RC5 cores it has internally -- the key cruncher is actually a small (yet very important) part of the overall problem.
Ah, isn't 'open source' fun?
--Joe--
Program Intellivision!
The natural question for many /.'ers that also participate in distributed.net is whether or not this will be useful for crunching keys.
I'm guessing, in it's base form, the device is tuned for (en|de)crypting large volumes of data with a fixed key, and that key reloads are expensive. Translation: It won't help a d.net-style keysearching effort much as-is.
Does anyone have more information on this to confirm or deny this conjecture?
Also, is anyone out there crazy enough (and skilled enough w/ VHDL) to hack this device into the world's fastest RC5 block cruncher? :-) Places like MOSIS will fab "educational" and "prototype" designs in small quantities for reasonable prices.
--Joe--
Program Intellivision!
I don't think anyone in the US government actually thinks that only the US has good crypto and that export restrictions really limit the availability of strong crypto outside the US.
They may appear to act dumb at time, but this is a result of politics, not stupidity.
Export restrictions are actually working very well to limit the widespread acceptance of interoperable encryption standards. Without export restrictions we could have had most traffic encrypted as the default option by now.
This is done using the technology export regulations because that's the tool they have. If they didn't have that they'd find some other way to do it.
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
I think instead of uncle sam ther should be big brother sam :)
Kaoslord [quote goes here] define("slashdot purity","67.5");
Ha!!! I finished it in 3 days. Of course, in order to read about 300 pages a day I had to ignore my bladder's pitiful pleas for me to visit the restroom.
Scuttlemonkey is a troll
> But what WILL happen when all of our
> transactions and communications can be
> encrypted? Interesting question...
Then we will be able to enjoy the kind of privacy our great-grandparents took for granted. The kind of privacy the founding fathers of the United States took as a given, so much so that they (unfortunately) didn't bother to explicitly write it into the constitution, even though other amendments (such as the fourth) clearly imply that such privacy was simply a fact of life, like getting up in the morning and feeding your horse.
Chips like this may or may not usher in a new age where levels of personal privacy return to the level they were at a few decades ago, but at least they'll require that the spooks do a little work (hopefully hard work) whenever they feel compelled to violate ours.
The Future of Human Evolution: Autonomy
So when will this headline become standard? I think having a computer with a powerful large bit crypto chip could be convienent.
Yet more evidence that the U.S. Gov't's policy on export control of crypto products is obsolete. Sorry spooks, its already overseas, and its well known enough that students can even put it in hardware. Give up already.
Are you implying that you've already finished that giant?!
One day... and that was after an all-night rave. Now I'm just waiting for his next book, containing the two subplots he couldn't add in due to book size restraints, to come out so I can have some real time reading again.
Here's a working link to the article.
--The more you know, the less you know.
I don't think the government is even worried about not being able to read other countries' messages. I think they're much more concerned about not being able to monitor communications in the US. With all this Echelon stuff lately you have to wonder if they're more interested in spying on their own country rather than other ones. They can already listen to our phone calls any time they want to, so i'm sure they want to continue to be able to read our email if they want to also. What a buncha crap. I think everything should be encrypted. Believe it or not there are things that are none of the government's business.
Bastards.
-=Cozmo=-
NOTHING the government can do will prevent other countries from using crypto. You will never be able to keep chips like this out of the hands of the "bad guys" (any country other than our own, and including our own). There is nothing you can do about it. I can't believe the US is trying to control the crypto in other places. They have as much right to use it as we do. The US gov. gets so pissy sometimes its unreal.
Bad example. It was later discovered that these changes just happened to make DES *stronger* against differential crypto-analysis. Something the public crypto world didn't discover until years after NSA made those modifications.
Does anyone know how large a chip like this would be? It seems like at .35 with 100,000 gates it would be relatively tiny. So we should be able to fit 50+ of these on one PCI card. Have one 16 bit microcontroller + 16k ram on it. You should then be able to sell the PCI card and write a tiny driver to send/receive data from it. Or maybe combine 15 of these at a time on one chip and pop 4 of the chips on a PCI card, whatevers more economical. This would make an interesting card to pop in your slot. I've been wondering what to put in my last empty PCI slot...
The Cryptonomicon is almost here. Neal, I thought you wrote Science "Fiction".
Ever since reading that, I've been getting more and more paranoid with my communications. I applaud these efforts.
Oh yeah, gotta be careful with those Crypto exports... (snigger)
But what WILL happen when all of our transactions and communications can be encrypted? Interesting question...
It's a thankless job, but I've got a lot of Karma to burn off
The point of a chip like this is to have authentication happen on secure hardware, not an insecure host. This is useful in a lot of applications, especially smart card readers.
For example, monetary transactions - your smart card holds your key and the smart card reader does all of the authentication and sends a signed request to the merchant. That way, you don't have to worry about credit card numbers flopping around all over the place. The transaction takes place between your card and the vendor.
Another possible use could be for logging in - no more worrying about passwords because you can sign in with your key (stored on the smart card) and pin number.
Besides, we in America already have cool stuff like this. Check out http://www.nabletech.com and their N*Click chip
Invidia fortunum ovit.
Europe doesn't need crypto if we keep speaking french :)
nosig today
Anyone know where I can find an English translation of this article.
Project Echelon basically involves series of discreet listening posts placed world wide. These listening posts are capable of intercepting Infared signals, Radio Waves (RF Transmissions, ie cordless phones), ANYTHING sent via telephone lines (land lines, or cellular based)...
In short, they basically listen in on anything we can do, crypto or not...
On a side note, we all remember the Clipper Chip, right? The one that the NSA banned because they couldn't crack it, and the designer wouldn't allow the NSA to "put a back door in.. for the interests of National Security."
That is the whole point of brute-force attack against cryptosystems!! You only need a system which is capable of decrypting a given ciphertext with a given key. Therefore this chip DOES crack encryption. The EFF used a similar setup to crack DES, too.
I don't believe NSA will give a damn about this student project. With today's technology, DES is a joke anyway. It is a good algorithm if you have something to hide from your brother in the high school. I also don't believe that NSA will give a damn about any chip that encrypts/decrypts publicly available algorithms-designing a chip is not very difficult nowadays if you know a bit or two about FPGAs and hardware description languages.
However, if you find a way to crack these algorithms WITHOUT using a brute search, and publish it; expect a black helicopter from NSA on your backyard very soon.
Zigbee Central: A Zigbee weblog
Yea, it allows designers the freedom of using the VHDL for SOS/SOC stuff.
As to others; I know a few chip offerings that are commercially available. With this latest news it may put pressure on these vendors to keep prices down...
Some of the information in the article may be a little bit misleading (what one person says, the second understands and the third person translates from german into english... ;-) ). So let me try to clarify some things:
1. We (or Alcatel) are currently not planning any high-volume fabrication of the chip. What the students have designed until now is a gate-level netlist based on an Alcatel standard cell technology. The design is now being simulated thoroughly. The next step may be to get a few prototypes fabricated for educational and research purposes.
2. The Intel 80286 processor has got 134,000 transistors (not gates!). The crypto chip has got a complexity of about 100,000 gates which corresponds to approximately 400,000-450,000 transistors. This number is comparable to the Intel 80386 processor (275,000 transistors).
Some remarks on/answers to previously asked questions:
- The estimated size of the chip is 10mm.
- The DES part is in fact optimzed for en-/decryption and not for crunching keys: DES keys are loaded using RSA encryption which is comparably slow.
Gundolf Kiefer
The NSA is not going to be happy about this chip. If you set up a network based on this chip in the NIC ...
so much for my packet sniffer...
watch the US bans the chip as a "threat to Natinal Security".
8)