 | | From: | Robin de Krijger | | Subject: | 3DES hardware solution?!? | | Date: | Wed, 19 Jan 2005 10:22:24 +0100 |
|
|
 | I am developing an application that uses 3DES encryption over data to be
communicated through USB. I am running into performance problems and I would
like to know if there is hardware available for this?
The situation now is as follows:
software software
normal -> 3DES-encrypts -> USB-transfer -> receiver decrypts data
data data
Is something like this available:
software
normal -> 3DES hardware -> USB-transfer -> receiver decrypts data
data encryption
Best regards,
Robin
|
|
| | From: | tum_ | | Subject: | Re: 3DES hardware solution?!? | | Date: | 19 Jan 2005 12:58:51 -0800 |
|
|
| If I'm correctly assuming that the 3DES is being performed by PC,this
should be doable for USB 1.1 (12 Mbit/s, iirc == 1.5 Mbyte/s). Which
software 3DES are u using? Do you have any specific requirements to the
minimal horse power of the pc? There were lots of discussions re
efficient DES implementations in this group...
For USB 2.0 (480Mbit/s) it is much harder to achieve but I can't say
'impossible' and also you rarely want to use the max possible speed.
|
|
| | From: | Robin de Krijger | | Subject: | Re: 3DES hardware solution?!? | | Date: | Thu, 20 Jan 2005 08:27:54 +0100 |
|
|
| "tum_" wrote:
> If I'm correctly assuming that the 3DES is being performed by PC,this
> should be doable for USB 1.1 (12 Mbit/s, iirc == 1.5 Mbyte/s). Which
> software 3DES are u using? Do you have any specific requirements to the
> minimal horse power of the pc? There were lots of discussions re
> efficient DES implementations in this group...
> For USB 2.0 (480Mbit/s) it is much harder to achieve but I can't say
> 'impossible' and also you rarely want to use the max possible speed.
tum_, thank you for replying. Well, now for the answers:
I am using Christophe Devine's 3DES library, which is available for free
on the internet. The software I am writing is written in C and should run
on an industrial PC (I think we'll get a 1Ghz PC or so).
The data (really not that much: 32Kbyte) should be encrypted, and send to
a contactless chip. The data is divided into parts of 255bytes (limitation
of the communication protocol). And now it takes about 30 seconds...
Best regards,
Robin...
|
|
| | From: | Augustus SFX van Dusen | | Subject: | Re: 3DES hardware solution?!? | | Date: | Wed, 19 Jan 2005 15:49:24 GMT |
|
|
| On Wed, 19 Jan 2005 10:22:24 +0100, Robin de Krijger wrote:
> I am developing an application that uses 3DES encryption over data to be
> communicated through USB. I am running into performance problems and I would
> like to know if there is hardware available for this?
A silly question: Is 3DES a requirement? Or perhaps could you AES instead?
|
|
| | From: | Robin de Krijger | | Subject: | Re: 3DES hardware solution?!? | | Date: | Wed, 19 Jan 2005 19:31:07 GMT |
|
|
| "Augustus SFX van Dusen" wrote:
> A silly question: Is 3DES a requirement? Or perhaps could you AES instead?
Not a silly question, I know about the disadvantages on 3DES. But, yes, it
is a requirement... :-(
|
|
| | From: | Robin de Krijger | | Subject: | Re: 3DES hardware solution?!? | | Date: | Wed, 19 Jan 2005 19:45:47 GMT |
|
|
| "Augustus SFX van Dusen" wrote:
> A silly question: Is 3DES a requirement? Or perhaps could you AES instead?
Not a silly question, yes it is required. I know about the disadvantages...
:-(
|
|
| | From: | Paul Rubin | | Subject: | Re: 3DES hardware solution?!? | | Date: | 19 Jan 2005 13:01:46 -0800 |
|
|
| "Robin de Krijger" writes:
> I am developing an application that uses 3DES encryption over data to be
> communicated through USB. I am running into performance problems and I would
> like to know if there is hardware available for this?
What are you trying to do? At first I thought real-time disk
encryption, but then you asked about converting OID's, so it sounds
like you're more likely doing something with smart cards (hmm, maybe
IPSEC?).
Just how much performance do you need? 3DES in software should be
fast enough for most applications except the highest traffic ones.
Maybe you're just using a poor implementation and need to find a
better one.
|
|
| | From: | Robin de Krijger | | Subject: | Re: 3DES hardware solution?!? | | Date: | Thu, 20 Jan 2005 08:36:30 +0100 |
|
|
| "Paul Rubin" wrote:
> What are you trying to do? At first I thought real-time disk
> encryption, but then you asked about converting OID's, so it sounds
> like you're more likely doing something with smart cards (hmm, maybe
> IPSEC?).
Haha! Smart guy, smart cards...
You are right of course. I am trying to read 32Kb from a contactless
smart card. And it works now, but the performance is way too bad.
It takes about 30s to read, and I would like it to be 10s at most...
So, a lot of work to do!
> Just how much performance do you need? 3DES in software should be
> fast enough for most applications except the highest traffic ones.
> Maybe you're just using a poor implementation and need to find a
> better one.
Could be. Like I just posted: I use Christophe Devine's library that
I found on the internetand a 1GHz PC . It was pretty hard to find one,
but this one works...
Well, any suggestions?!?
Regards,
Robin...
|
|
| | From: | Paul Rubin | | Subject: | Re: 3DES hardware solution?!? | | Date: | 20 Jan 2005 00:08:13 -0800 |
|
|
| "Robin de Krijger" writes:
> You are right of course. I am trying to read 32Kb from a contactless
> smart card. And it works now, but the performance is way too bad.
> It takes about 30s to read, and I would like it to be 10s at most...
> So, a lot of work to do!
That time is being spent in i/o. Any decent C library on a 1 ghz PC
will take no time at all for encrypting/decrypting that much data. If
you mean 32 kilobytes, that's 10 kbits/sec, which is not bad at all,
depending on the type of card.
|
|
| | From: | Robin de Krijger | | Subject: | Re: 3DES hardware solution?!? | | Date: | Thu, 20 Jan 2005 09:19:58 +0100 |
|
|
| "Paul Rubin" wrote:
> That time is being spent in i/o. Any decent C library on a 1 ghz PC
> will take no time at all for encrypting/decrypting that much data. If
> you mean 32 kilobytes, that's 10 kbits/sec, which is not bad at all,
> depending on the type of card.
I'm not sure. During the communication (30s) I cpu-load is 100%, I always
thought that therefore, my PC was encrypting/decrypting. But maybe it's
just bad programming from me...
Regards,
Robin...
|
|
| | From: | Paul Rubin | | Subject: | Re: 3DES hardware solution?!? | | Date: | 20 Jan 2005 00:33:34 -0800 |
|
|
| "Robin de Krijger" writes:
> I'm not sure. During the communication (30s) I cpu-load is 100%, I always
> thought that therefore, my PC was encrypting/decrypting. But maybe it's
> just bad programming from me...
Maybe the program is busy-waiting for data on the usb port(?). That
was sometimes done in old-fashioned msdos serial port programs.
There's just no reason to burn that much cpu time. OpenSSL's des3
function does an 8 kbyte block in about 1 millisecond on my 1.2 ghz
laptop, to give you an idea of what a good implementation can do.
|
|
| | From: | Robin de Krijger | | Subject: | Re: 3DES hardware solution?!? | | Date: | Thu, 20 Jan 2005 09:52:29 +0100 |
|
|
| "Paul Rubin" wrote:
> Maybe the program is busy-waiting for data on the usb port(?). That
> was sometimes done in old-fashioned msdos serial port programs.
> There's just no reason to burn that much cpu time. OpenSSL's des3
> function does an 8 kbyte block in about 1 millisecond on my 1.2 ghz
> laptop, to give you an idea of what a good implementation can do.
Could be, I'll have to get into it. Do you have an URL for OpenSSL's
DES3-function?!?
|
|
| | From: | Paul Rubin | | Subject: | Re: 3DES hardware solution?!? | | Date: | 20 Jan 2005 01:49:47 -0800 |
|
|
| "Robin de Krijger" writes:
> Could be, I'll have to get into it. Do you have an URL for OpenSSL's
> DES3-function?!?
www.openssl.org
|
|
| | From: | Andrew Swallow | | Subject: | Re: 3DES hardware solution?!? | | Date: | Thu, 20 Jan 2005 11:55:57 +0000 (UTC) |
|
|
| Robin de Krijger wrote:
> "Paul Rubin" wrote:
>
>
>>That time is being spent in i/o. Any decent C library on a 1 ghz PC
>>will take no time at all for encrypting/decrypting that much data. If
>>you mean 32 kilobytes, that's 10 kbits/sec, which is not bad at all,
>>depending on the type of card.
>
>
> I'm not sure. During the communication (30s) I cpu-load is 100%, I always
> thought that therefore, my PC was encrypting/decrypting. But maybe it's
> just bad programming from me...
>
What does the computer do between each bit and each block?
Does it spend its time constantly reading a hardware register?
Andrew Swallow
|
|
| | From: | Robin de Krijger | | Subject: | Re: 3DES hardware solution?!? | | Date: | Thu, 20 Jan 2005 14:26:22 +0100 |
|
|
| "Andrew Swallow" wrote:
> What does the computer do between each bit and each block?
> Does it spend its time constantly reading a hardware register?
> Andrew Swallow
Well, just finished looking at the whole process. Read and shiver! :-)
I read about 32Kbyte
That takes 14s (100% CPU-load)
I have to read the 32K in chunks of 248bytes, I get 141 chunks
During the 15s:
13.8s are spent busy/waiting for the response!!!
0.032s are spent calculating Message Authentication
0.061s are spent sending
0.003s are spent on 3DES
So, euh, let's forget about the 3DES hardware... That does not bring much...
Thank you all, really helpfull!!!!!
|
|
| | From: | Robin de Krijger | | Subject: | Re: 3DES hardware solution?!? | | Date: | Thu, 20 Jan 2005 14:43:22 +0100 |
|
|
| "Robin de Krijger" wrote in message:
> 13.8s are spent busy/waiting for the response!!!
From here I conclude that each busy/waiting loop takes about 0.097s
When I put a Sleep(100); there, the CPU-load drops to 50%...
Regards,
Robin
|
|
| | From: | Robin de Krijger | | Subject: | Re: 3DES hardware solution?!? | | Date: | Thu, 20 Jan 2005 09:17:07 +0100 |
|
|
| "Paul Rubin" wrote:
> That time is being spent in i/o. Any decent C library on a 1 ghz PC
> will take no time at all for encrypting/decrypting that much data. If
> you mean 32 kilobytes, that's 10 kbits/sec, which is not bad at all,
> depending on the type of card.
For now, i doubt that. Within a couple of days I hope to receive a card that
does NOT need its data to be 3DES-encrypted/decrypted. Currently, I expect
the
communication to be much quicker... If it's not, you are right... :-)
|
|
| | From: | Andrew Swallow | | Subject: | Re: 3DES hardware solution?!? | | Date: | Wed, 19 Jan 2005 15:29:30 +0000 (UTC) |
|
|
| Robin de Krijger wrote:
> I am developing an application that uses 3DES encryption over data to be
> communicated through USB. I am running into performance problems and I would
> like to know if there is hardware available for this?
>
> The situation now is as follows:
>
> software software
> normal -> 3DES-encrypts -> USB-transfer -> receiver decrypts data
> data data
>
> Is something like this available:
>
>
> software
> normal -> 3DES hardware -> USB-transfer -> receiver decrypts data
> data encryption
>
> Best regards,
> Robin
Try this chip from Intel
http://www.intel.com/design/network/prodbrf/25249603.pdf
Or the rival chips from ARM
http://www.arm.com/markets/keyapp/2510.html
Boards containing the chips can be purchased. So can entire machines.
An alternative solution may be to buy faster computers.
Andrew Swallow
|
|
