[cryptography] Current state of brute-forcing random keys?

Solar Designer solar at openwall.com
Fri Jun 10 01:11:09 EDT 2011

On Fri, Jun 10, 2011 at 08:44:39AM +0400, Solar Designer wrote:
> Some more relevant numbers are: 27k gates, 250 MHz, 3 Gbps in a 130 nm
> CMOS process:
> http://www.heliontech.com/downloads/aes_asic_helioncore.pdf
> Still, 3 Gbps gives something like 23 million AES block encryptions per
> second, which is an order of magnitude slower than one per cycle.

Here's a smaller implementation:


"90nm implementation of AES-ECB with 256-bit key"
"13 000 gates", "2742 Mb/s"
"Key-expander included"

That's 21 million AES blocks per second in 13k gates.

The clock rate is not mentioned, though.  Perhaps it's already higher
than 250 MHz, maybe twice higher.

"The AES IP has a strong track record of silicon implementation with
volume production in 130nm and 65nm."

Hmm, volume production in 130nm and 65nm, but somehow the speed numbers
are given for 90nm - weird.


More information about the cryptography mailing list