Announcing the end of "RSA chips!"

by Thierry Moreau
(1997/02/28)

(C) Copyright 1997 CONNOTECH Experts-conseils Inc.
Permission to distribute is granted, provided the source is fully cited.


OK, this title is a bit eye-catching, but let's set the record straight about a clear technological trend in the implementation of fast Public Key Cryptography (PKC). Expectably, a breakthrough is about to happen ...

For fast PKC, the following four digital processor architectures are considered:

  1. The general purpose CPU used in computers, CISC (e.g. Intel 80x86) or RISC (e.g. DEC Alpha).
  2. The low-end 8-bit µcontroler, with extremely low processor speed and memory sizes.
  3. The dedicated integrated circuit (IC), where an algorithm like RSA is "implemented in silicon".
  4. The digital signal processor (DSP), which are CPU designs oriented towards embedded applications where heavy mathematical computations must be performed in real-time (e.g. the breaking system of a vehicle, an ultrasonic scanner, a compact disk player).

The performance challenges for PKC stem from the large integer arithmetic ("BIGNUM") and the inherent complexity of the division operation (actually, the remainder of the division is what really counts). Once the very specialized algorithms are mastered, they must be implemented with a great deal of software engineering skills, and electronics skills as well in the case of the dedicated IC. With all these conditions met, the PKC throughput remains mediocre. In some applications, PKC performance alone is not sufficient: for digital signatures, the speed of the hashing function can become critical, and for confidentiality, the encryption speed is important as well.

On a strict technical perspective, the choice between a dedicated IC and a DSP solution can be based on the ratio of productive transistors within the circuit. This favors dedicated ICs. But it overlooks the economics of product development, manufacturing, and support. The DSP market is such that significant funding is available for DSP design projects, and the related costs are amortized over wide range of products. In going from integrated circuit to printed circuit board, the electronic engineer using a DSP benefits from a more debugged electronic component, better documentation, affordable emulator tools, and the like. This usually means better time to market, hence higher profits. The software flexibility offered by the DSP alternative facilitates changes in algorithms (e.g. from RSA to DSA for digital signatures). So, at a given performance level, the DSP solution should win market acceptance, and represent the anticipated breakthrough: fast PKC within the reach of every PCB designer.

Given the economics behind the DSP market, It was just a matter of time before a generic DSP architecture, using the latest circuit manufacturing process, would beat the dedicated RSA ICs based on affordable technologies. Recently, Texas Instruments announced the "highest performance fixed point DSP." It uses a "0.25 micron/five level metal process", in other words the very latest advances in circuit manufacturing. After reviewing the TMS320C62xx DSP architecture, I must agree that it does fit the technical requirements of PKC. The supporting facts are notably that 1) 16 bit multiplications are performed at a rate of two every 5 nanosecond, and 2) a large portion of the transistors will be operating during the core PKC algorithm. It can be expected that the TMS320C6201 component would outperform many "commercial" RSA chips, while providing the flexibility of software-based solutions. It may be suspected that the National Security Agency (NSA) and/or defense contractors somehow helped the Texas Instruments in bringing a DSP architecture that fits the PKC requirements: the TMS320C62xx has the "bit count" instruction that is demanded for military cryptography.

At CONNOTECH, we developed a DSP-based PKC implementation with an excellent cost/performance solution but were unable to market in the form of a technology transfer, maybe because the best speed was obtained with the dedicated IC at that time. The Texas Instruments TMS320C62xx DSP architecture has the potential of a 20-fold improvement in performance over our current DSP solution. So, with the increasing use of PKC, it is to be expected that PKC software libraries will be licensed like TCP/IP, modem, or fax software libraries are licensed today for designs based on DSPs. That will be the end of the dedicated ICs for PKC for most applications, notably the high volume servers for electronic payments.


security scheme designalternative to PKIpatent publicationsSAKEMscholarly web contentsconsulting services ]
[ CONNOTECH home page: http://www.connotech.com/about us | e-mail to: info@connotech.com ]

CONNOTECH Experts-conseils Inc.
9130 Place de Montgolfier
Montréal, Québec, Canada, H2M 2A1
Tél.: +1-514-385-5691 Fax: +1-514-385-5900