Survey of Commercially available chips and IP cores implementing cryptographic algorithms

Transcription

1 Survey of Commercially available chips and IP cores implementing cryptographic algorithms Prepared by - Micheal Dugan, Prajakta Gogte, Prerna Arora Prepared for - ECE 646, Prof. Kris Gaj December 19, 2005

2 Overview Goals IPcores: Detailed explanation, types, uses, etc Comparison parameters Best of class Cryptographic Chips Detailed explanation, types, uses, etc Comparison parameters Best of class Conclusion

3 Goals Perform a market survey to determine published IP core & Cryptographic chip data Populate separate comparison matrices for IP cores & Crypto chips Use comparison matrices and analyze performance parameters to form a best of class comparison

4 Need for IP cores Number of gates in a chip can reach several millions due to rapidly growing chip technology reuse of the existing designs becomes a very important concept in design methodology accelerates the development of new products to meet today s time-to-market challenges Another advantage of reusing the existing blocks is to reduce the possibility of failure based on design and verification of a block for the first time.

5 IP cores These pre designed modules are commonly called Intellectual Property (IP) cores. It is a block of logic or data that is used in making a field programmable gate array (FPGA) or an applicationspecific integrated circuit (ASIC) for a product. An IP core should be entirely portable - that is, able to easily be inserted into any vendor technology or design methodology.

6 IP cores The difference between a block on a single design (chip) and an IP core is that the signaling protocol and the clock parameters can be significantly different between chips. An IP core needs to be flexible enough to handle these differences Some examples of IP cores are Universal Asynchronous Receiver/Transmitter (UART), central processing units, Ethernet controllers, and PCI interfaces.

7 IP core categories Hard IP cores Hard cores are physical manifestations of the IP design. Integration is simple and the core can be dropped into a SOC physical design with very less effort. Technology dependent. Provide minimum flexibility and portability in reconfiguration and integration across multiple designs and technologies. They are best for plug-and-play applications.

8 Soft IP cores Delivered as RTL (Register transfer level) VHDL codes to provide functional descriptions of IP cores. Offer maximum flexibility and re configurability to match the requirements of a specific design application. Being synthesizable, are compatible with the ASIC design flow. Therefore, the quality of a soft IP is highly dependent on the effort needed in the IP integration stage of SOC design.

9 Firm IP cores They use the advantages of both hard cores and soft cores. Balance the high performance and optimization properties of hard IP cores with the flexibility of soft IP cores. These cores are delivered in the form of netlists (a list of the logic gates and associated interconnections making up an integrated circuit). They have a higher level of optimization and are targeted for a specific device architecture. They are less portable than soft cores.

10 Commercially Available Cryptographic IP core Vendors (by Algorithm) Algorithm AES Vendors IPCores, Actel, Altera, Helion, Cast, Athena group, Inc, Vocal Technologies, Ltd. DES Triple DES MD5 SHA-1 Actel, Alliance core (Xilinx), Helion, Cast, Athena Actel, Algotronix, Helion, Cast, Athena Helion, Cast, Amphion, Silicon designs International, Inc Helion, Cast, Amphion, Silicon designs International, Inc, Athena group, Inc SHA-256 Helion, Cast, Cadence, HDL design use

11 IP Core Comparison Parameters Throughput- It is the data throughput in (bits/sec) which is a product of clock frequency in MHz and the number of bits of data per the number of clock cycles (bits/cycles) Maximum frequency (Master clock)- performance in MHz Number of clock cycles- Number of clock cycles of operation Core support for encryption and decryption- specifies whether the same core can be used for both encryption and decryption

12 Area/Resources- Represents the total number of cells/slices/gates used for the design of the IP core Key size- Number of bits of the key Message digest output- Number of bits of the hash value (Message digest) Modes of operation- specifies the modes the core supports

13 AES comparison chart Vendor Key size (bits) Cores IP Cores 128 Advanced versions support both encryption and decryption with the same core Actel 128 Encryption and Decryption possible with the same core Amphio n Helion 128, 192, 256 Cast 128, 192, 256 Athena 128, 192, Separate for Encryption and Decryption Separate for Encryption and Decryption Encryption and Decryption possible with the same core Encryption and Decryption possible with the same core Modes of operation ECB, CBC, OFB, CFB, CTR ECB, CBC, OFB, CFB, CTR ECB, CBC, OFB, CFB, CTR ECB, CBC, OFB, CFB, CTR ECB, CBC, OFB, CFB, CTR Throughput Area Clock frequenc y (MHz) 0.8, 1.6, 3.2, 6.4 bits per clock cycle- as a function of data path width of 8, 16, 32, 64 bits 224, 102, 291 Mbps Depending on the family Standard > 500 Mbps Fastest > 2 Gbps 157, 157, 183, 295, 316, 400 Mbps depending on the family 2948 gates (TSMC 0.18 micro) / 639 LUT(Altera FPGA) /236 SLICES(Xilinx FPGA) cells/tiles 5193, 5555, 3112 Pipelined 203K gate design Standard < 6K Fastest < 57K 450, 450, 425, 365, 365, 244 LEs 75, 35, > , 54, 63, 102, 109, 138 > 1Gbps 100

14 DES comparison chart Vendor Key size (bits) Modes of operation Actel 64 ECB, CBC, OFB, CFB, MAC Throughput Area Clock frequency 320 Mbps 1271 gates 80 MHz- ProASIC3/E family Amphion kgate design Helion 64 ECB, CBC, OFB, CFB, MAC 200MHz Clock cycles 16 clock cycles to encrypt/decry pt 64 bits > 1.25 Gbps < 6K gates > 180 MHz 8 -encryption cycle load/unload Cast 56 ECB, CBC, OFB, CFB 438,438,355,568 LEs Depends on the family supported 83,84,97,190 MHz depending upon supported family 16 clock cycles-for encryption and decryption Athena 56 ECB, CBC, OFB, CFB > 500 Mbps For all vendors - Same core is used for encryption and decryption

15 Triple DES comparison chart Vendo r Key size Cores Modes of operation Throughput Area Clock frequency Clock cycles Actel 168 bits 3-56 bit keys Encryption and Decryption possible with the same core All DES modes- ECB, CBC, OFB, CFB 300 Mbps- ProASIC3/E 1413 cells/tiles 75 MHz- ProASIC3/E family 48 clock cycles to encrypt/decryp t 64 bits Amph ion 112-bit and 168-bit key length, 2 or 3 keys Encryption and Decryption possible with the same core 56.7 kgate design 200MHz Helion 112-bit and 168-bit key length, 2 or 3 keys Same core offers dynamically selectable DES/3DES and encrypt/decrypt modes All DES modes- ECB, CBC, OFB, CFB, MAC > 460 Mbps < 6K gates > 180 MHz 24 clock cycles Cast 112 or 168 bits 2 or 3 keys Encryption and Decryption possible with the same core All DES modes- ECB, CBC, OFB, CFB Serial mode bits/cycle Partially pipeleined- 4 bits/cycle 1720, 1699, 1757 LEs Depends upon family supported 64, 82, 190 MHz Serial mode- Encryption nad decryption in 48 clock cycles Partially pipelined- 16 clock cycles Athen a 112 bit keys Encryption and Decryption possible with the same core All DES modes- ECB, CBC, OFB, CFB > 500 Mbps

16 Vendor Throughput (Mbps) MD5 comparison chart Clock frequency Helion MHz 65 per algorithm step + 1 clock loading per 512 bit block Cast 25, 26, 39, 60, 69, 115 MHz Amphion Silicon designs Internatio nal, Inc >212MHz operation Clock cycles Area Applications 65 master cycles (1 clock per algorithm step + 1 clock load) MHz 64 clocks to process single block (512 bits) of data 16 K gates Hardware implemetation of Internet standard HMAC(RFC2104) used for IPSec and SSL protocols, digital signatures 2262, 2261, 2285, 2290, 1527, 1259 LEs for Flex, Acex, Apex, Apex 2, Cyclone, Stratix 1, Stratix 2 families 24-kgate design 324 CLBs (1296 logic cells) For all vendors - Message digest output is 128 bit MD Electronic fund transfer, data transfer,encrypted data storage electronic financial transactions, personal mobile communications, secure corporate communications and secure environments. used with the DSA in electronic mail, Electronic funds transfer, software distribution, data storage, And other applications, which require data integrity assurance and data origin authentication. The MD5 may also be used whenever it is necessary to generate a condensed version of a Message.

17 Best of class IP cores AES algorithm: Based on throughput with one key size = 128 bits Best core: Altera AES algorithm: Based on throughput with varying key sizes of 128, 192, 256 bits Best cores: Vocal, Helion, Athena Vendor IPCores Actel Altera Vendor Helion Cast Athena Vocal Technologies Throughput 80 Mbps 224 Mbps > 2.5 Gbps Throughput > 2 Gbps 400 Mbps > 1 Gbps > 2.5 Gbps

18 AES algorithm- Based on core support for both encryption and decryption Vendor IPCores Actel Altera Helion Cast Athena Same core / separate core Same core for encryption and decryption Same core for encryption and decryption Separate core for encryption and decryption Separate core for encryption and decryption Same core for encryption and decryption Same core for encryption and decryption

19 AES algorithm- Based on the area/ number of resources Best cores: Cast, IPCores, Helion Vendor Area in number of Logic cells IPCores 472 Actel 3112 Altera 6117 Helion 500 Cast 300

20 AES algorithm- Based on the clock frequency Best core: Helion Vendor Frequency (MHz) IPCores 200 Actel 100 So, based on these observations, the best of all AES cores is the Helion Technology AES core, the next best could be Actel AES core. Altera 120 Helion > 200 Cast 138 Athena 100

21 DES algorithm- Based on throughput Helion, Athena, Alliance have the top 3 DES throughputs Vendor Actel Alliance Helion Athena Throughput 320 Mbps 500 Mbps > 1.25 Gbps > 500 Mbps DES algorithm- Based on clock frequency So, based on these observations, the best of all DES cores is the Helion Technology DES core. Vendor Frequency(MHz) Actel 80 Alliance 63 Helion > 180 Cast 190

22 Triple DES algorithm- Based on throughput Athena, Helion, Xilinx have the top 3 DES throughputs Vendor Actel Helion Cast Athena Xilinx Throughput 320 Mbps > 460 Mbps 240 Mbps > 500 Mbps 500 Mbps Triple DES algorithm- Based on clock frequency Helion, Cast, Algotronix have the top3 3DES frequencies. Vendor Frequency (MHz) Actel 75 Algotronix 90 Helion > 180 Cast 190

23 Triple DES algorithm- Based on area / resources So, based on these observations, the best of all Triple DES cores is the Helion Technology Triple DES core. Vendor Area in number of Logic cells Actel 1413 Algotronix 1450 Helion 1000 Cast 1720

24 MD5 algorithm - Based on clock frequency Amphion, Helion, Cast have the top 3 MD5 frequencies. MD5 algorithm - Based on area / resources So, based on these observations, the best of all MD5 cores is the Amphion MD5 core and the next best is the Helion Technology MD5 core. Vendor Frequency (MHz) Helion 145 Cast 115 Amphion > 212 Silicon design, Inc Vendor 50 Area in number of Logic cells Helion Approx 2500 Cast Approx 4000 Amphion 2262 Silicon Design Itnl, Inc 1296

25 SHA-1 algorithm - Based on throughput Helion, Cast, Athena have the top 3 SHA-1 throughputs. SHA-1 algorithm - Based on frequency Helion, Cast, Athena have the top 3 SHA-1 frequencies Vendor Throughput (Mbps) Helion 1810 Cast 1156 Silicon Design Itnl, Inc Athena 640 Vendor Frequency (MHz) Helion 290 Cast 183 Silicon Design Itnl, Inc 66 Athena 100

26 SHA-1 algorithm - Based on clock cycles So, based on these observations, the best of all SHA-1 cores is the Helion Technology SHA-1 core. Vendor Number of clock cycles for 512 bit data Helion 82 Cast 65 Silicon Design Itnl, Inc 80 Amphion 82

27 SHA-256 algorithm - Based on throughput Helion, Cast, Cadence are the top 3 Vendor Helion Cast Cadence HDL Design Throughput 1963 Mbps Mbps 971 Mbps 1395 Kbps(Red Hat Linux system) SHA-256 algorithm - Based on frequency So, based on these observations, the best of all SHA-256 cores is the Helion Technology SHA-256 core. Vendor Frequency (MHz) Helion 253 Cast 62 Cadence 133 HDL Design 550

28 Cryptographic Chips

29 What are cryptographic chips? Fully implemented hardware chips that provide not only cryptographic logic but also all necessary interfaces and I/O connections Ready for implementation. Off-the-shelf

30 Typical Applications Virtual Private Networks (IPSec) SSL server connection Firewalls Routers (from small to enterprise) Secure storage Wireless Access Points RF communications

31 Ten Vendors found Atmel Broadcom Cavium SafeNet Harris HIFN IBM Mykotronx Sinosun Philips Among these vendors there are 44 different cryptographic chips

32 Parameters Found Encryption & Hash Algorithms and modes supported RNG Speed and whether its HW or pseudo Throughput for AES-128, -192, -256 Throughput for DES and Triple-DES Throughput for IPSec-AES or 3DES Throughput for SSL RSA bit length, signatures or verifications/sec, and time to generate key pair DSA signatures or verifications/sec Diffie-Hellman key exchanges/sec Clock Freq (both core and interface) Package type (TQFP, PBGA, etc) & dimensions Supported Interfaces (pci, pcix) Certification (FIPS, EAL, CC, etc) Voltage (both signal and Vcc)

33 Best of class Highest Throughput for IPSec-AES Highest Throughput for IPSec-3DES Fastest Implementations of RSA Fastest Implementations of DSA Fastest Implementations of Diffie-Hellman Which chips implement the most algorithms Speed of RNG

34 Highest Throughput for IPSec-AES Crypto chip Throughput Application Cavium Nitrox II Broadcom BCM5841 HIFN 8350 HIFN 4350 (tied for 3rd) Cavium Nitrox & SafeXcel 1842 (tied for 4th) HIFN 8300 HIFN 4300 (tied for 5th) 10 Gbps 4.8 Gbps 4 Gbps 3.2 Gbps 2 Gbps VPN Gateway, IPSEC & SSL Server connections, Server Load balancing, and Server backup High performance, and can be used with multiple 5841's in an enterprise router Applications for High-end entrprise security services VPNs, Firewalls, Server security and secure storage VPN Gateway, Router Gateways / Applications like Mid to high range VPN security devices Applications for High-end entrprise security services VPNs, Firewalls, Server security and secure storage

35 Highest Throughput for IPSec-3DES Crypto chip Throughput Application Cavium Nitrox II HIFN 8350 HIFN 4350 (tied for 2st) 10 Gbps 4 Gbps VPN Gateway, IPSEC & SSL Server connections, Server Load balancing, and Server backup Applications for High-end entrprise security services VPNs, Firewalls, Server security and secure storage Cavium Nitrox 3.2 Gbps VPN Gateway, Router Gateways Broadcom BCM5840 HIFN Gbps 2.3 Gbps High performance (wire speed) security applications. This would be connected to the NPU to create a secure solution for an enterprise router or layer 3 switch Applications for High-end entrprise security services in multi service appliances

36 Fastest Implementations of RSA (Signatures/sec using 1024bit) Crypto chip Cavium Nitrox I Cavium Nitrox II Broadcom BCM5825 Sig/sec (1024-b) Application VPN Gateway, Router Gateways IBM Otello 3300 SafeXcel VPN Gateway, IPSEC & SSL Server connections, Server Load balancing, and Server backup High performance embedded VPN solutions Proprietary chip embedded in the PCIXXC board Applications like Mid to high range VPN security devices

37 Fastest Implementations of DSA (Signatures/sec 1024 bit) Crypto chip Sig/sec (1024-b) SafeXcel SafeXcel 1841&1840 (tied for 2nd) 1250 HIFN Broadcom HIFN Application Applications like Mid to high range VPN security devices Applications like Mid to high range VPN security devices Applications for High-end entrprise security services VPNs, Firewalls, Server security For VPN and secure electronic commerce devices For High-end (gigabit Ethernet) channels to secure storage and data repositories

38 Fastest Implementations of Diffie- Hellman (exchanges/sec) Crypto chip Cavium Nitrox I Cavium Nitrox II Broadcom BCM5825 Cavium Nitrox Lite SafeXcel 1842 D-H Key Gen/sec Application VPN Gateway, Router Gateways VPN Gateway, IPSEC & SSL Server connections, Server Load balancing, and Server backup High performance embedded VPN solutions 1500 SOHO-VPN gateways and routers 1425 Applications like Mid to high range VPN security devices

39 Chips That Implement the most algorithms SafeXcel 1840, 1841, 1842 Broadcom 5812, 5823, 5825 Cavium Nitrox Lite, Nitrox I, & Nitrox II HIFN 7814, 7815, 7851, 7854, 7855, 7954, 7955, 7956, 8054, 8065 Symmetric: DES, 3DES, AES (128, 192, 256), ARC4 Modes of Operation: ECB, CBC, OFB, CFB Hash Algorithms: MD5, SHA-1, HMAC-MD5. HMAC-SHA-1 Public Key: RSA, DSA, DH

40 Speed of RNG Crypto chips Cavium Nitrox II Cavium Nitrox I Cavium Nitrox Lite RNG Speed TRNG Application 320 Mbps Y VPN Gateway, IPSEC & SSL Server connections, Server Load balancing, and Server backup 200 Mbps Y VPN Gateway, Router Gateways 100 Mbps ** SOHO-VPN gateways and routers SafeXcel 1840, 1841, 1842 SafeXcel Mbps Y 1Mbps Y Applications like Mid to high range VPN security devices Applications like low to Mid range VPN security devices ** The datasheet did not specify

41 Best of Class 1st Cavium Nitrox II 2nd Cavium Nitrox 1 3rd SafeXcel th HIFN th HIFN 4350

42 Conclusion In Summary: The Best IP core among all Algorithms is by: Helion Technologies The Best Cryptographic Chip among all parameters is: Cavium Networks Nitrox II

43 Questions?