survey of the commercially available chips and ip cores...
TRANSCRIPT
Survey of Commercially available chips and IP cores implementing cryptographic
algorithms
Prepared by - Micheal Dugan, Prajakta Gogte, Prerna Arora
Prepared for - ECE 646, Prof. Kris Gaj
December 19, 2005
Overview
• Goals• IPcores:
– Detailed explanation, types, uses, etc– Comparison parameters– Best of class
• Cryptographic Chips– Detailed explanation, types, uses, etc– Comparison parameters– Best of class
• Conclusion
Goals
• Perform a market survey to determine published IP core & Cryptographic chip data
• Populate separate comparison matrices for IP cores & Crypto chips
• Use comparison matrices and analyze performance parameters to form a “best of class” comparison
Need for IP cores
• Number of gates in a chip can reach several millions due to rapidly growing chip technology
• reuse of the existing designs becomes a very important concept in design methodology
• accelerates the development of new products to meet today’s time-to-market challenges
• Another advantage of reusing the existing blocks is to reduce the possibility of failure based on design and verification of ablock for the first time.
IP cores
• These pre designed modules are commonly called Intellectual Property (IP) cores.
• It is a block of logic or data that is used in making a field programmable gate array (FPGA) or an application-specific integrated circuit (ASIC) for a product.
• An IP core should be entirely portable - that is, able to easily be inserted into any vendor technology or design methodology.
IP cores
• The difference between a block on a single design (chip) and an IP core is that the signaling protocol and the clock parameters can be significantly different between chips. An IP core needs to be flexible enough to handle these differences
• Some examples of IP cores are Universal Asynchronous Receiver/Transmitter (UART), central processing units, Ethernet controllers, and PCI interfaces.
IP core categories
• Hard IP cores
Hard cores are physical manifestations of the IP design.
Integration is simple and the core can be dropped into a SOC physical design with very less effort.
Technology dependent.
Provide minimum flexibility and portability in reconfiguration and integration across multiple designs and technologies.
They are best for plug-and-play applications.
• Soft IP coresDelivered as RTL (Register transfer level) VHDL codes to provide functional descriptions of IP cores. Offer maximum flexibility and re configurability to match the requirements of a specific design application.Being synthesizable, are compatible with the ASIC design flow.Therefore, the quality of a soft IP is highly dependent on the effort needed in the IP integration stage of SOC design.
• Firm IP coresThey use the advantages of both hard cores and soft cores.Balance the high performance and optimization properties of hard IP cores with the flexibility of soft IP cores. These cores are delivered in the form of netlists (a list of the logic gates and associated interconnections making up an integrated circuit). They have a higher level of optimization and are targeted for a specific device architecture.They are less portable than soft cores.
Commercially Available Cryptographic IP core Vendors (by Algorithm)
Algorithm Vendors
AES IPCores, Actel, Altera, Helion, Cast, Athena group, Inc, Vocal Technologies, Ltd.
DES Actel, Alliance core (Xilinx), Helion, Cast, Athena
Triple DES Actel, Algotronix, Helion, Cast, Athena
MD5 Helion, Cast, Amphion, Silicon designs International, Inc
SHA-1 Helion, Cast, Amphion, Silicon designs International, Inc, Athena group, Inc
SHA-256 Helion, Cast, Cadence, HDL design use
IP Core Comparison Parameters
• Throughput- It is the data throughput in (bits/sec) which is a product of clock frequency in MHz and the number of bits of data per the number of clock cycles (bits/cycles)
• Maximum frequency (Master clock)- performance in MHz
• Number of clock cycles- Number of clock cycles of operation
• Core support for encryption and decryption- specifies whether the same core can be used for both encryption and decryption
• Area/Resources- Represents the total number of cells/slices/gates used for the design of the IP core
• Key size- Number of bits of the key
• Message digest output- Number of bits of the hash value (Message digest)
• Modes of operation- specifies the modes the core supports
AES comparison chartVendor Key
size(bits)
Cores Modes of operation
Throughput Area Clock frequency (MHz)
IP Cores 128 Advanced versions support both
encryption and decryption with the same core
ECB, CBC, OFB, CFB,
CTR
0.8, 1.6, 3.2, 6.4bits per clock cycle- as a function of data path width of 8, 16, 32,
64 bits
2948 gates (TSMC 0.18 micro) / 639
LUT(Altera FPGA) /236 SLICES(Xilinx
FPGA)
Actel 128 Encryption and Decryption
possible with the same core
ECB, CBC, OFB, CFB,
CTR
224, 102, 291 MbpsDepending on the
family
cells/tiles 5193, 5555, 3112
75, 35, 100
Amphion
128 Separate for Encryption and
Decryption
Pipelined 203K gate design
200
Helion 128, 192, 256
Separate for Encryption and
Decryption
ECB, CBC, OFB, CFB,
CTR
Standard > 500 Mbps
Fastest > 2 Gbps
Standard < 6K Fastest < 57K
> 200
Cast 128, 192, 256
Encryption and Decryption
possible with the same core
ECB, CBC, OFB, CFB,
CTR
157, 157, 183, 295, 316, 400Mbps depending on
the family
450, 450, 425, 365, 365, 244 LEs
54, 54, 63, 102, 109, 138
Athena 128, 192, 256
Encryption and Decryption
possible with the same core
ECB, CBC, OFB, CFB,
CTR
> 1Gbps 100
DES comparison chartVendor Key
size (bits)
Modes of operation
Throughput Area Clock frequency
Clock cycles
Actel 64 ECB, CBC, OFB, CFB,
MAC
320 Mbps 1271 gates 80 MHz-ProASIC3/E
family
16 clock cycles to
encrypt/decrypt 64 bits
Amphion 56 56.7 kgatedesign
200MHz
Helion 64 ECB, CBC, OFB, CFB,
MAC
> 1.25 Gbps < 6K gates > 180 MHz 8 -encryption + 1 - cycle load/unload
Cast 56 ECB, CBC, OFB, CFB
438,438,355,568 LEs
Depends on the family supported
83,84,97,190 MHz
depending upon supported
family
16 clock cycles-for encryption
and decryption
Athena 56 ECB, CBC, OFB, CFB
> 500 Mbps
For all vendors - Same core is used for encryption and decryption
Triple DES comparison chartVendo
rKey size
Cores Modes of operation
Throughput Area Clock frequency
Clock cycles
Actel 168 bits 3-56 bit keys
Encryption and Decryption possible with the same core
All DES modes- ECB, CBC, OFB, CFB
300 Mbps-ProASIC3/E
1413 cells/tiles 75 MHz-ProASIC3/E family
48 clock cycles to encrypt/decrypt 64 bits
Amphion
112-bit and 168-bit key length , 2 or 3 keys
Encryption and Decryption possible with the same core
56.7 kgatedesign
200MHz
Helion 112-bit and 168-bit key length , 2 or 3 keys
Same core offers dynamically selectable DES/3DES and encrypt/decrypt modes
All DES modes- ECB, CBC, OFB, CFB, MAC
> 460 Mbps < 6K gates > 180 MHz 24 clock cycles
Cast 112 or 168 bits –2 or 3 keys
Encryption and Decryption possible with the same core
All DES modes- ECB, CBC, OFB, CFB
Serial mode-1.333bits/cycle Partially pipeleined-4 bits/cycle
1720, 1699, 1757 LEsDepends upon family supported
64, 82, 190 MHz Serial mode-Encryption naddecryption in 48 clock cycles Partially pipelined- 16 clock cycles
Athena
112 bit keys
Encryption and Decryption possible with the same core
All DES modes- ECB, CBC, OFB, CFB
> 500 Mbps
MD5 comparison chartVendor Throughput
(Mbps)Clock
frequencyClock cycles Area Applications
Helion 1140 145 MHz 65 per algorithm step + 1 clock
loading per 512 bit block
16 K gates Hardware implemetation of Internet standard
HMAC(RFC2104) used for IPSecand SSL protocols, digital
signatures
Cast 25, 26, 39, 60, 69, 115
MHz
2262, 2261, 2285, 2290, 1527, 1259
LEs for Flex, Acex, Apex, Apex 2,
Cyclone, Stratix 1, Stratix 2 families
Electronic fund transfer, data transfer,encrypted data storage
Amphion >212MHz operation
65 master cycles (1 clock per
algorithm step + 1 clock load)
24-kgate design electronic financial transactions, personal mobile communications, secure corporate communications
and secure environments.
Silicon designs
International, Inc
400 50MHz 64 clocks to process single
block (512 bits) of data
324 CLBs (1296 logic cells)
used with the DSA in electronic mail, Electronic funds transfer,
software distribution, data storage, And other applications, which
require data integrity assurance and data origin authentication. The
MD5 may also be used whenever it is necessary to generate a
condensed version of a Message.
For all vendors - Message digest output is 128 bit MD
Best of class IP cores
• AES algorithm: Based on throughput with one key size = 128 bits
• Best core: Altera
• AES algorithm: Based on throughput with varying key sizes of 128, 192, 256 bits
• Best cores: Vocal, Helion, Athena
Vendor Throughput
IPCores 80 Mbps
Actel 224 Mbps
Altera > 2.5 Gbps
Vendor ThroughputHelion > 2 GbpsCast 400 Mbps
Athena > 1 GbpsVocal
Technologies > 2.5 Gbps
Vendor Same core / separate core
IPCores Same core for encryption and decryption
Actel Same core for encryption and decryption
Altera Separate core for encryption and decryption
Helion Separate core for encryption and decryption
Cast Same core for encryption and decryption
Athena Same core for encryption and decryption
• AES algorithm- Based on core support for both encryption and decryption
Vendor Area in number of Logic cells
IPCores 472
Actel 3112
Altera 6117
Helion 500
Cast 300
• AES algorithm- Based on the area/ number of resources
• Best cores: Cast, IPCores, Helion
• AES algorithm- Based on the clock frequency
• Best core: Helion
• So, based on these observations, the best of all AES cores is the Helion Technology AES core, the next best could be Actel AES core.
Vendor Frequency (MHz)
IPCores 200
Actel 100
Altera 120
Helion > 200
Cast 138
Athena 100
Vendor ThroughputActel 320 Mbps
Alliance 500 MbpsHelion > 1.25 GbpsAthena > 500 Mbps
• DES algorithm- Based on throughput
• Helion , Athena , Alliance have the top 3 DES throughputs
• DES algorithm- Based on clock frequency
• So, based on these observations, the best of all DES cores is the Helion Technology DES core.
Vendor Frequency(MHz)Actel 80
Alliance 63Helion > 180Cast 190
Vendor ThroughputActel 320 Mbps
Helion > 460 MbpsCast 240 Mbps
Athena > 500 MbpsXilinx 500 Mbps
• Triple DES algorithm- Based on throughput
• Athena, Helion, Xilinx have the top 3 DES throughputs
• Triple DES algorithm- Based on clock frequency
• Helion, Cast, Algotronix have the top3 3DES frequencies.
Vendor Frequency (MHz)
Actel 75
Algotronix 90
Helion > 180
Cast 190
Vendor Area in number of Logic cells
Actel 1413Algotronix 1450
Helion 1000Cast 1720
• Triple DES algorithm-Based on area / resources
• So, based on these observations, the best of all Triple DES cores is the Helion Technology Triple DES core.
Vendor Frequency (MHz)
Helion 145Cast 115
Amphion > 212Silicon design,
Inc 50
• MD5 algorithm - Based on clock frequency
• Amphion, Helion, Cast have the top 3 MD5 frequencies.
• MD5 algorithm - Based on area / resources
• So, based on these observations, the best of all MD5 cores is the AmphionMD5 core and the next best is the Helion Technology MD5 core.
Vendor Area in number of Logic cells
Helion Approx 2500Cast Approx 4000
Amphion 2262
Silicon Design Itnl, Inc 1296
Vendor Throughput (Mbps)Helion 1810Cast 1156
Silicon Design Itnl, Inc 422.4
Athena 640
• SHA-1 algorithm - Based on throughput
• Helion, Cast, Athena have the top 3 SHA-1 throughputs.
• SHA-1 algorithm - Based on frequency
• Helion, Cast, Athena have the top 3 SHA-1 frequencies
Vendor Frequency (MHz)Helion 290Cast 183
Silicon Design Itnl, Inc 66
Athena 100
• SHA-1 algorithm - Based on clock cycles
• So, based on these observations, the best of all SHA-1 cores is the Helion Technology SHA-1 core.
VendorNumber of clock
cycles for 512 bit data
Helion 82Cast 65
Silicon Design
Itnl, Inc
80
Amphion 82
Vendor Throughput
Helion 1963 Mbps
Cast 488.3 Mbps
Cadence 971 Mbps
HDL Design 1395 Kbps(Red Hat Linux system)
• SHA-256 algorithm - Based on throughput
• Helion, Cast, Cadence are the top 3
• SHA-256 algorithm - Based on frequency
• So, based on these observations, the best of all SHA-256 cores is the HelionTechnology SHA-256 core.
Vendor Frequency (MHz)
Helion 253
Cast 62
Cadence 133
HDL Design 550
Cryptographic Chips
What are cryptographic chips?
• Fully implemented hardware chips that provide not only cryptographic logic but also all necessary interfaces and I/O connections
• Ready for implementation.
• “Off-the-shelf”
Typical Applications
• Virtual Private Networks (IPSec)• SSL server connection• Firewalls• Routers (from small to enterprise)• Secure storage • Wireless Access Points• RF communications
Ten Vendors found
Atmel HIFN
Broadcom IBM
Cavium Mykotronx
SafeNet Sinosun
Harris Philips
Among these vendors there are 44 different cryptographic chips
Parameters Found• Encryption & Hash Algorithms and modes supported• RNG Speed and whether its HW or pseudo• Throughput for AES-128, -192, -256• Throughput for DES and Triple-DES• Throughput for IPSec-AES or 3DES • Throughput for SSL• RSA bit length, signatures or verifications/sec, and time to
generate key pair• DSA signatures or verifications/sec• Diffie-Hellman key exchanges/sec • Clock Freq (both core and interface)• Package type (TQFP, PBGA, etc) & dimensions• Supported Interfaces (pci, pcix) • Certification (FIPS, EAL, CC, etc)• Voltage (both signal and Vcc)
Best of class
• Highest Throughput for IPSec-AES• Highest Throughput for IPSec-3DES• Fastest Implementations of RSA• Fastest Implementations of DSA• Fastest Implementations of Diffie-Hellman• Which chips implement the most algorithms• Speed of RNG
Highest Throughput for IPSec-AESCrypto chip Throughput Application
Cavium Nitrox II 10 GbpsVPN Gateway, IPSEC & SSL Server connections, Server Load balancing, and Server backup
BroadcomBCM5841 4.8 Gbps High performance, and can be used with
multiple 5841's in an enterprise routerHIFN 8350 HIFN 4350
(tied for 3rd)4 Gbps
Applications for High-end entrprise security services VPNs, Firewalls, Server security and secure storage
Cavium Nitrox&
SafeXcel 1842 (tied for 4th)
3.2 Gbps VPN Gateway, Router Gateways / Applications like Mid to high range VPN security devices
HIFN 8300 HIFN 4300 (tied for
5th)2 Gbps
Applications for High-end entrprise security services VPNs, Firewalls, Server security and secure storage
Highest Throughput for IPSec-3DES
Crypto chip Throughput Application
CaviumNitrox II 10 Gbps
VPN Gateway, IPSEC & SSL Server connections, Server Load balancing, and Server backup
HIFN 8350HIFN 4350 (tied for 2st) 4 Gbps
Applications for High-end entrprise security services VPNs, Firewalls, Server security and secure storage
CaviumNitrox 3.2 Gbps VPN Gateway, Router Gateways
BroadcomBCM5840 2.4 Gbps
High performance (wire speed) security applications. This would be connected to the NPU to create a secure solution for an enterprise router or layer 3 switch
HIFN 8154 2.3 GbpsApplications for High-end entrprise security services in multi service appliances
Fastest Implementations of RSA (Signatures/sec using 1024bit)
Crypto chipSig/sec
(1024-b) ApplicationCaviumNitrox I 42000 VPN Gateway, Router Gateways
CaviumNitrox II 40000
VPN Gateway, IPSEC & SSL Server connections, Server Load balancing, and Server backup
BroadcomBCM5825 12000 High performance embedded VPN
solutions
IBM Otello 3300 Proprietary chip embedded in the PCIXXC board
SafeXcel1842 1400 Applications like Mid to high range
VPN security devices
Fastest Implementations of DSA (Signatures/sec 1024 bit)
Crypto chipSig/sec
(1024-b) Application
SafeXcel1842 1440
Applications like Mid to high range VPN security devices
SafeXcel1841&1840
(tied for 2nd) 1250Applications like Mid to high range VPN security devices
HIFN 8350 675
Applications for High-end entrprise security services VPNs, Firewalls, Server security
Broadcom 6500 546
For VPN and secure electronic commerce devices
HIFN 4350 540
For High-end (gigabit Ethernet) channels to secure storage and data repositories
Fastest Implementations of Diffie-Hellman (exchanges/sec)
Crypto chipD-H Key Gen/sec Application
CaviumNitrox I 72000 VPN Gateway, Router Gateways
CaviumNitrox II 60000
VPN Gateway, IPSEC & SSL Server connections, Server Load balancing, and Server backup
BroadcomBCM5825 12000 High performance embedded VPN solutions
CaviumNitrox Lite 1500 SOHO-VPN gateways and routers
SafeXcel1842 1425 Applications like Mid to high range VPN
security devices
Chips That Implement the most algorithms
• SafeXcel 1840, 1841, 1842• Broadcom 5812, 5823, 5825• Cavium Nitrox Lite, Nitrox I, & Nitrox II• HIFN 7814, 7815, 7851, 7854, 7855, 7954,
7955, 7956, 8054, 8065
Symmetric: DES, 3DES, AES (128, 192, 256), ARC4
Modes of Operation: ECB, CBC, OFB, CFB
Hash Algorithms: MD5, SHA-1, HMAC-MD5. HMAC-SHA-1
Public Key: RSA, DSA, DH
Speed of RNGCrypto chips
RNG Speed TRNG Application
CaviumNitrox II 320 Mbps Y
VPN Gateway, IPSEC & SSL Server connections, Server Load balancing, and
Server backupCaviumNitrox I 200 Mbps Y VPN Gateway, Router Gateways
CaviumNitrox Lite 100 Mbps ** SOHO-VPN gateways and routers
SafeXcel1840, 1841,
184220 Mbps Y Applications like Mid to high range VPN
security devices
SafeXcel1741 1Mbps Y Applications like low to Mid range VPN
security devices** The datasheet did not specify
Best of Class
1st Cavium Nitrox II2nd Cavium Nitrox 13rd SafeXcel 18424th HIFN 83505th HIFN 4350
Conclusion
• In Summary:– The Best IP core among all Algorithms is by:
Helion Technologies
– The Best Cryptographic Chip among all parameters is:
Cavium Networks Nitrox II
Questions?