Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.forth > #23035

Re: Efficient Implementation of Cryptographic Primitives on the GA144 Multi-core Architecture

From Andrew Haley <andrew29@littlepinkcloud.invalid>
Subject Re: Efficient Implementation of Cryptographic Primitives on the GA144 Multi-core Architecture
Newsgroups comp.lang.forth
References <6576fefe-0315-4f88-a6d6-7db3b657caea@googlegroups.com> <6265faa3-a4fa-406b-b066-694389b5aba0@10g2000yqy.googlegroups.com> <7xobbtlq9j.fsf@ruckus.brouhaha.com>
Message-ID <-oGdnW8kTr1GoDvMnZ2dnUVZ_u-dnZ2d@supernews.com> (permalink)
Date 2013-05-29 12:41 -0500

Show all headers | View raw

Paul Rubin <no.email@nospam.invalid> wrote:
> Mark Wills <markrobertwills@yahoo.co.uk> writes:
>> That was a really good paper. Probably the best paper yet that I've
>> read on the GA144. It does show that with patience and careful
>> planning some quite complex work is possible on the device, with good
>> power metrics to boot.
> 
> I'd like to have seen comparisons with small and medium ARM MCU's
> (Cortex M0+ and M4) instead of 8-bitters.  It felt almost like a rigged
> comparison, the way they did it.  I did think it was cool that they did
> all the work of implementing those complex algorithms in the GA, but it
> mainly goes to show how near-impractical the GA is to actually program.

The most significant problem seemed to be that the memry *per node*
was too small for what they were trying to do.  They sometimes had to
split a lookup table in two nodes just because it wouldn't it fit in
the per-node memory.

> On the other hand, the RSA benchmark made the GA look worse than it
> is, because real-world implementations use the Chinese Remainder
> Theorem (using the secret factors of the modulus) to speed up
> full-width exponentiation by 6x or so.  They mention that as a
> future goal, which I guess means they found it too hard to finish in
> the effort available for the paper.

Which is odd, because the CRT calculation is hardly the difficult part
of implementing RSA.  I suppose the problem was that there wasn't time
to do subtraction; they'd already had to do multiplication.

"For our design, we chose to use RSA-1024 with parameters of length
1024 bit. Thus, one RSA parameter fits exactly into the memory of one
F18A node"  So, any other key size would hurt.

Andrew.

Back to comp.lang.forth | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Ef­fi­ci­ent Im­ple­men­ta­ti­on of Cryp­to­gra­phic Pri­mi­ti­ves on the GA144 Mul­ti-core Ar­chi­tec­tu­re John Rible <google@sandpipers.com> - 2013-05-29 00:56 -0700
  Re: Ef­fi­ci­ent Im­ple­men­ta­ti­on of Cryp­to­gra­phic Pri­mi­ti­ves on the GA144 Mul­ti-core Ar­chi­tec­tu­re Mark Wills <markrobertwills@yahoo.co.uk> - 2013-05-29 07:39 -0700
    Re: Ef­fi­ci­ent Im­ple­men­ta­ti­on of Cryp­to­gra­phic Pri­mi­ti­ves on the GA144 Mul­ti-core Ar­chi­tec­tu­re Paul Rubin <no.email@nospam.invalid> - 2013-05-29 09:11 -0700
      Re: Efficient Implementation of Cryptographic Primitives on the GA144 Multi-core Architecture Andrew Haley <andrew29@littlepinkcloud.invalid> - 2013-05-29 12:41 -0500
        Re: Efficient Implementation of Cryptographic Primitives on the GA144 Multi-core Architecture Paul Rubin <no.email@nospam.invalid> - 2013-06-01 12:40 -0700
  Re: Ef­fi­ci­ent Im­ple­men­ta­ti­on of Cryp­to­gra­phic Pri­mi­ti­ves on the GA144 Mul­ti-core Ar­chi­tec­tu­re Jason Damisch <jasondamisch@yahoo.com> - 2013-05-31 18:57 -0700

csiph-web