[cryptography] exponentiation chips

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Jul 24 00:09:19 EDT 2011

Steven Bellovin <smb at cs.columbia.edu> writes:

>Who is selling exponentiation chips (in reasonably large quantities) these 
>days?  Price and power consumption are important for this application, but I 
>need to be able to verify a few K RSA (or possibly ECC) signatures/second.

Broadcom would be your best bet, they're the most obvious player left 
standing.  Their 582x's are about a decade old, but they're still shipping now 
(not much need to update them, the only real change in that time is that they 
added AES).  If you want really high-end, look at Cavium, but you can get a 
bucketload of 582x's for a single Nitrox II, and even a single 5822 will do 
several thousand 1024-bit RSA sigs/sec (and you can implement it with almost 
nothing, just glue it straight to a PCI bus).  You didn't say whether you 
wanted to build a single very fast engine (use a Cavium rather than a rack 
full of 582x's) or a large number of discrete units (go with BCM).

OTOH if you really do mean *verify* (rather than generate), at say 5ms per 
Core2 core, with eight cores, you could almost do it in software.  OK, in that 
case price and power consumption aren't so good...


More information about the cryptography mailing list