[Cryptography] Raspberry Pi-like FPGA ??

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Jul 18 20:30:33 EDT 2017


Ron Garret <ron at flownet.com> writes:

>But I really would like to know why you think that a dedicated ARM chip with
>a crypto app running on the bare metal is not good enough.  You can get a
>Rapsberry Pi Zero and put it in a metal case for about $10.  Why is that not
>good enough?

Mostly tinfoil hattery (but see further down).  With an FPGA you define the
ARM (or whatever) CPU controlling things to be outside the hat and the FPGA to
be inside.  Comment from a talented crypto HW designer who's been doing this
for decades (details anonymised):

  Bottom line is that doing this (and crypto in general) in an FPGA is
  pointless nowadays. The RTL is not portable if you care about performance at
  all. There are umpteen ASICs to choose from that do this well and also are
  DPA/timing/etc. resistant.

  “But we need to do it this way because we don’t want to trust anyone’s RTL!”
  Really?  OK, so why do you trust their synthesis tools or the RTL of the
  controlling ARM?

  How do I know I’m even talking to your crypto FPGA and that someone didn’t
  take over the controlling ARM CPU, etc. etc. etc.

Oh, and another reason is that it's fun and cool to do your own crypto in an
FPGA.  Never underestimate the fun/coolness aspect, it's kinda neat to be able
to say "we built our own crypto hardware starting from bare gates (well,
CLBs)".

Peter.


More information about the cryptography mailing list