Forgot your password?
typodupeerror
Encryption Security

Students Develop Open Crypto Chip 72

Posted by CmdrTaco
from the ain't-that-cool dept.
kris writes "German Computer Magazine c't just pointed to an article about German Students developing a crypto chip. The device will do 168 MBit/sec DES, 50 key exchanges in 768 bit RSA and will the VHDL will be published as Open Source. Alcatel will build the beast." The original article is in German, but kris also sent us a rough translation which I've attached below.

Stuttgart students develop crypto chip

The eight head team "pg99" at the computer science dept of stuttgart university under guidance from Dipl-Ing Gundolf Kiefer has developed a complete crypto chip, which can do RSA (768 bit) and DES. With DES, with is intended for large data volumes, the chip can to 168 MBit/sec. The higher level RSA is being used mainly for DES key exchange, for authentication and for digital signatures. The chip will to ~50 keys/sec in RSA. Communication with the environment can be done via a parallel interface (8, 16 or 32 bit) or via two-wire I2C bis, which can be found on many current motherboards (Intel calls this SMB).

The 100,000 gate chip will be produced by Alcatel in 0.35 m technology (compare this to the 134,000 gates in an 80286). Officially the chip will be unveiled at the 8th of July at the computer science faculty, where the VHDL source of the design will be made availabe as Open Source.

This discussion has been archived. No new comments can be posted.

Students Develop Open Crypto Chip

Comments Filter:
  • by Anonymous Coward
    If the context switch between RSA and DES isnt prohibitive you could send a new key via RSA a couple of times per second without breaking a sweat.
  • Sorry, but the original poster has a good point.

    Firstly, and off-topic, no one in their right mind outside of Lower Slobovia thought the earth was flat. That's why the ancient Greeks (Aristhosthenes? Pythagoras?) were able to estimate the circumference of the earth to within a couple of kilometres using simple trigonometry.

    The fact is that people's outlooks change. We /think/ that people thought the earth was flat, and now it's a general assumption - but untrue for the large part. No one thought to write in the inalienable right to privacy in the US' Constitution because no one ever tried to take it from them. It was a part of their lives, and no one would have *use* for these things.

    In this day and age, privacy becomes very important -- and yet, the US is trying to take it away from the entire world - especially its citizens - with projects like ECHELON. It's about time that their constitution got changed to make privacy a right, the same way they have the inalienable right to bear arms (another thing which has changed over the years. "I have to defend myself against the King of England!" (Sorry, don't remember the exact quote from the Simpsons.))

  • A stream cipher like RC4 can encrypt and decrypt data faster than you can read it from your hard drive. A modern processor can do a public key operation in fractions of a second. Few applications need public key crypto, perhaps only very heavily loaded secure servers. Almost no-one needs secret key (eg DES) in hardware: maybe only routers.

    For most of us, such a chip wouldn't make anything we do noticeably faster or more secure.
    --
    Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
  • Whoops, of course millions of things need public key, but they don't need hardware acceleration. Damn those thinkoes.

    There's special hardware designed to keep your secret keys more secure, now, but that's a different matter.
    --
    Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
  • The way I am reading this is that this device will be designed to [(en)(de)]crypt data transmitted via any type of communication link. This would work very nicely with a cellular/wireless communication link. [(en)(de)]crypttion can then be done in hardware in real time saving much valuable CPU resources. It could also be used for VPN's in the near future as better security.
  • While this chip is cute, and smartcard manufacturers have been making strides in putting good crypto functions into the cards, there is the big dark cloud of differential power analysis hanging over their heads that they have not dealt with yet. Basically a determined attacker can rip the secret keys from smart cards in a _very_ short period of time by observing power draws while the card is in use (i.e. the old "one" uses more power than "zero" problem.) Until this problem is dealt with anyone who uses a smartcard for crypto is just adding features for a marketting brochure and not adding any real security.
  • This sure flys against RMS's article
    of just two days ago! He was saying
    that he didn't see it as reasonable
    to GPL hardware cause it's too
    expensive.

    Well - what about GPLing the DESIGN!

    Sheesh

    All the more power to these guys..

    Steve
  • Generally, the sensitive data is sent in small chunks. A normal SSL session, for instance, will contain a whole bunch of images and HTML and maybe a dozen bytes of credit-card info.

    It would be an easy thing to find out which chunk of data is important in the SSL e-commerce instance. Changing keys is always a good idea, but it's no sustitute for strong crypto.
  • Servers need dedicated hardware crypto. A lot of servers will have pages cached in memory. Run 1000 connections from RAM over a T3 or bigger pipe and software crypto begins to become very slow.
  • by Mr Z (6791)

    What's stopping you from having three of these chips, do to Triple DES at the full rate that one chip does DES?

    (Ok, other than cost and board real-estate...)

    --Joe

    --
  • Now that gives me the privacy heebee geebees. (Someone, go moderate up the parent to this post.)

    I hope that anonymizers start playing a more prominent role in such a society, otherwise requiring cryptographically strong signatures on everything will become a rather effective tool for oppression.

    Of course, such a system will only really work if people protect their digital signatures much better than anything else they currently protect. For goodness sakes, our ATM accounts are protected by a 4-digit PIN, and my credit cards are protected by my mother's maiden name. *sheesh* Then again, if we're forced to use biometric data gathered with standardized, regulated machines in order to generate digital signature data, a digital signature is as good as or better than a fingerprint.

    --Joe

    --
  • Well, the device does DES and RSA, implying there's alot of good communications infrastructure, and that the encryption cores themselves are largely decoupled from the rest of the design. At least, that's what I'd hope they did, since it would make the part more valuable overall: You could plop the encryption cores into other chips that had different communication requirements easily, and you could drop different encryption cores into this chip easily.

    If that's the case, then we can reuse all the communication bits, and replace the DES core with an RC5 key-crunching core. This is alot like the way d.net clients share the most of the same block management and network communication code between the DES and RC5 cores it has internally -- the key cruncher is actually a small (yet very important) part of the overall problem.

    Ah, isn't 'open source' fun?

    --Joe

    --
  • by Mr Z (6791) on Wednesday June 23, 1999 @04:39AM (#1837517) Homepage Journal

    The natural question for many /.'ers that also participate in distributed.net is whether or not this will be useful for crunching keys.

    I'm guessing, in it's base form, the device is tuned for (en|de)crypting large volumes of data with a fixed key, and that key reloads are expensive. Translation: It won't help a d.net-style keysearching effort much as-is.

    Does anyone have more information on this to confirm or deny this conjecture?

    Also, is anyone out there crazy enough (and skilled enough w/ VHDL) to hack this device into the world's fastest RC5 block cruncher? :-) Places like MOSIS [mosis.org] will fab "educational" and "prototype" designs in small quantities for reasonable prices.

    --Joe

    --
  • In the case of chips like this one, Saddam Hussein, the Chinese government, and various other bodies certainly favor open source. How many months before it's being used in their military communications?

    Oh, I wouldn't worry about the Chinese. No doubt they've already got whatever the American military is using anyway, if their nuclear weapons program is anything to judge by.

  • I don't think anyone in the US government actually thinks that only the US has good crypto and that export restrictions really limit the availability of strong crypto outside the US.

    They may appear to act dumb at time, but this is a result of politics, not stupidity.

    Export restrictions are actually working very well to limit the widespread acceptance of interoperable encryption standards. Without export restrictions we could have had most traffic encrypted as the default option by now.

    This is done using the technology export regulations because that's the tool they have. If they didn't have that they'd find some other way to do it.

  • I think instead of uncle sam ther should be big brother sam :)
  • Ha!!! I finished it in 3 days. Of course, in order to read about 300 pages a day I had to ignore my bladder's pitiful pleas for me to visit the restroom.
  • > But what WILL happen when all of our
    > transactions and communications can be
    > encrypted? Interesting question...

    Then we will be able to enjoy the kind of privacy our great-grandparents took for granted. The kind of privacy the founding fathers of the United States took as a given, so much so that they (unfortunately) didn't bother to explicitly write it into the constitution, even though other amendments (such as the fourth) clearly imply that such privacy was simply a fact of life, like getting up in the morning and feeding your horse.

    Chips like this may or may not usher in a new age where levels of personal privacy return to the level they were at a few decades ago, but at least they'll require that the spooks do a little work (hopefully hard work) whenever they feel compelled to violate ours.
  • Is this true if you change the keys? - I think I understand how it would be less secure if the same key was used again. However, not being a crypto person, I'm just wondering if DES -> RSA 64bit -> DES wouldn't be stupidly hard to crack?

  • So when will this headline become standard? I think having a computer with a powerful large bit crypto chip could be convienent.
  • hack this device into the world's fastest RC5 block cruncher

    That would be quite a hack, since the chip is designed to do DES... :-)

  • Yet more evidence that the U.S. Gov't's policy on export control of crypto products is obsolete. Sorry spooks, its already overseas, and its well known enough that students can even put it in hardware. Give up already.

  • Are you implying that you've already finished that giant?!
  • One day... and that was after an all-night rave. Now I'm just waiting for his next book, containing the two subplots he couldn't add in due to book size restraints, to come out so I can have some real time reading again.
  • I think the problem that RMS touched on in his article is that you can GPL the representation of the design, but to protect the ideas would require a patent, a much more difficult and expensive thing to get.
  • Here [heise.de]'s a working link to the article.
  • No offense, but nonsense.

    Since the algorithms can be published, stopping exports of encryption software doesn't do a damned bit of "good" to stop people in other contries from using it. You don't think Saddam already has military-grade encryption?

    The reason the US government doesn't want strong encryption to be exportable is so that it won't be used inside the US. If there is no financial incentive to develop strong, mass-market crypto because the international markets are closed, then those products will not be available for domestic mass-market use.

    Imports, of course, are available, but are generally too much of a hassle to the average US Windows/Mac user to acheive wide-spread use. And banning these imports will be the next logical step, to "protect the children" or some such nonsense.

    Compare this to the story on the DOJ challenge easing crypto bans [slashdot.org]. The government wants the ability to read everybody's email or other electronic communication.

  • Some moderator please post the previous comment up!

    DES is the weak link in the encryption chain, so if you're transmitting vitally sensitive data, you can use the hardware to change the cipher key at a rapid enough rate that even if someone breaks one of the DES keys, they will only recover a tiny piece of information that should be useless by itself...
  • I don't think the government is even worried about not being able to read other countries' messages. I think they're much more concerned about not being able to monitor communications in the US. With all this Echelon stuff lately you have to wonder if they're more interested in spying on their own country rather than other ones. They can already listen to our phone calls any time they want to, so i'm sure they want to continue to be able to read our email if they want to also. What a buncha crap. I think everything should be encrypted. Believe it or not there are things that are none of the government's business.
    Bastards.

    -=Cozmo=-
  • NOTHING the government can do will prevent other countries from using crypto. You will never be able to keep chips like this out of the hands of the "bad guys" (any country other than our own, and including our own). There is nothing you can do about it. I can't believe the US is trying to control the crypto in other places. They have as much right to use it as we do. The US gov. gets so pissy sometimes its unreal.
  • Bad example. It was later discovered that these changes just happened to make DES *stronger* against differential crypto-analysis. Something the public crypto world didn't discover until years after NSA made those modifications.



  • Does anyone know how large a chip like this would be? It seems like at .35 with 100,000 gates it would be relatively tiny. So we should be able to fit 50+ of these on one PCI card. Have one 16 bit microcontroller + 16k ram on it. You should then be able to sell the PCI card and write a tiny driver to send/receive data from it. Or maybe combine 15 of these at a time on one chip and pop 4 of the chips on a PCI card, whatevers more economical. This would make an interesting card to pop in your slot. I've been wondering what to put in my last empty PCI slot...
  • The Cryptonomicon is almost here. Neal, I thought you wrote Science "Fiction".

    Ever since reading that, I've been getting more and more paranoid with my communications. I applaud these efforts.

    Oh yeah, gotta be careful with those Crypto exports... (snigger)

    But what WILL happen when all of our transactions and communications can be encrypted? Interesting question...
  • I finished it like two weeks ago! :-)

    I couldn't put it down, I did it in 4 days.

    GREAT book, more engrossing than Snow Crash, as engrossing as Diamond Age.
  • Another thought I had.

    Do any of you think this could make eCommerce more tasty? No taxes make it cheaper, and no records means the IRS has no receipt trail...
  • Set up a company to provide 'shell' digital ID's ad don't verify any personal details yr customers give you. Get rich & protect anonymity...a free acc with you is all the thanks I reqiure.
  • The point of a chip like this is to have authentication happen on secure hardware, not an insecure host. This is useful in a lot of applications, especially smart card readers.

    For example, monetary transactions - your smart card holds your key and the smart card reader does all of the authentication and sends a signed request to the merchant. That way, you don't have to worry about credit card numbers flopping around all over the place. The transaction takes place between your card and the vendor.

    Another possible use could be for logging in - no more worrying about passwords because you can sign in with your key (stored on the smart card) and pin number.

    Besides, we in America already have cool stuff like this. Check out http://www.nabletech.com [nabletech.com] and their N*Click chip
  • Europe doesn't need crypto if we keep speaking french :)
  • The "founding fathers" lived in smallish communites where NOBODY had much privacy.

    Huh? Are you seriously asserting that the Founding Fathers routinely had other people read their mail (that being the relevant privacy issue here)?
    /.

  • >such privacy was simply a fact of life, like
    >getting up in the morning and feeding your horse.

    Are you implying that privacy is no longer a fact of life? I know that *I* certainly don't get up every morning and feed my horse. My cats, yes, but no horse. Society and technology are much different from what the "Founding Fathers" lived with. I'm not saying that privacy isn't good, I'm just saying that "people 200 years ago took it for granted" is a piss-poor argument in its favor. People a thousand years ago took for granted that the earth was flat and the center of the universe. Just because a belief is obvious and universal doesn't make it true. There are better arguments for privacy than, "they took it for granted".
  • Anyone know where I can find an English translation of this article.
  • A few decades ago everybody was looking under their bed each night for communists. A few decades ago people were being hauled in front of boards to testify about actions they had taken in their youth that everybody had thought were forgotten.

    The "founding fathers" lived in smallish communites where NOBODY had much privacy. Men like Jefferson deplored the growth of the kind of big metropolis that fosters the paranoid anonymous 'privacy' many people now demand.

    But don't let the historical truth interfere with your ideology.
  • In the case of chips like this one, Saddam Hussein, the Chinese government, and various other bodies certainly favor open source. How many months before it's being used in their military communications? Crypto so cheap any despot can afford it.

    Hackers won't be building, testing, debugging and rebuilding this 'open source' in little backyard fabs.
  • When crypto becomes common, it will soon afterwards become mandatory. We will be required to include encrypted digital signatures in all email and usenet messages. This will lead to mandatory tracability of all traffic and end-to-end validation of all communications. Traffic that isn't signed will be deleted at servers as spam. Unsigned messages will be banned from email servers. It's an inevitable part of the 'net becoming mainstream and secure enough for commerce.
  • Project Echelon basically involves series of discreet listening posts placed world wide. These listening posts are capable of intercepting Infared signals, Radio Waves (RF Transmissions, ie cordless phones), ANYTHING sent via telephone lines (land lines, or cellular based)...

    In short, they basically listen in on anything we can do, crypto or not...

    On a side note, we all remember the Clipper Chip, right? The one that the NSA banned because they couldn't crack it, and the designer wouldn't allow the NSA to "put a back door in.. for the interests of National Security."
  • That is the whole point of brute-force attack against cryptosystems!! You only need a system which is capable of decrypting a given ciphertext with a given key. Therefore this chip DOES crack encryption. The EFF used a similar setup to crack DES, too.

    I don't believe NSA will give a damn about this student project. With today's technology, DES is a joke anyway. It is a good algorithm if you have something to hide from your brother in the high school. I also don't believe that NSA will give a damn about any chip that encrypts/decrypts publicly available algorithms-designing a chip is not very difficult nowadays if you know a bit or two about FPGAs and hardware description languages.

    However, if you find a way to crack these algorithms WITHOUT using a brute search, and publish it; expect a black helicopter from NSA on your backyard very soon.
  • Even better than PIN codes, how about biometric info. Take a look Cryptoflex [slb.com] from Schlumberger [slb.com] for some funky examples...
  • by wamnet (62846)
    Yea, it allows designers the freedom of using the VHDL for SOS/SOC stuff.

    As to others; I know a few chip offerings that are commercially available. With this latest news it may put pressure on these vendors to keep prices down...
  • Some of the information in the article may be a little bit misleading (what one person says, the second understands and the third person translates from german into english... ;-) ). So let me try to clarify some things:

    1. We (or Alcatel) are currently not planning any high-volume fabrication of the chip. What the students have designed until now is a gate-level netlist based on an Alcatel standard cell technology. The design is now being simulated thoroughly. The next step may be to get a few prototypes fabricated for educational and research purposes.

    2. The Intel 80286 processor has got 134,000 transistors (not gates!). The crypto chip has got a complexity of about 100,000 gates which corresponds to approximately 400,000-450,000 transistors. This number is comparable to the Intel 80386 processor (275,000 transistors).

    Some remarks on/answers to previously asked questions:

    - The estimated size of the chip is 10mm.

    - The DES part is in fact optimzed for en-/decryption and not for crunching keys: DES keys are loaded using RSA encryption which is comparably slow.

    Gundolf Kiefer
  • The NSA is not going to be happy about this chip. If you set up a network based on this chip in the NIC ...
    so much for my packet sniffer...

    watch the US bans the chip as a "threat to Natinal Security".

    8)

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...